---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Apple QuickTime RTSP Reply Reason-Phrase Buffer Overflow SECUNIA ADVISORY ID: SA28423 VERIFY ADVISORY: http://secunia.com/advisories/28423/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling RTSP replies and can be exploited to cause a buffer overflow via e.g. sending a specially crafted reply containing an overly-long "Reason-Phrase". Successful exploitation may allow execution of arbitrary code, but requires that the user is e.g. tricked into opening a malicious QTL file or visiting a malicious web site. The vulnerability is reported in version 7.3.1.70. Other versions may also be affected. SOLUTION: Do not browse untrusted websites, open malicious .QTL files, or follow untrusted links. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/quicktimebof-adv.txt OTHER REFERENCES: US-CERT VU#112179: http://www.kb.cert.org/vuls/id/112179 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------