US CERT - another QuickTime vulnerability warning - other APPLE

| NOTE: Win9X/ME users, your APPLE Quicktime is severly outdated…. look for
| alternative codex offerings if you need support for the extensions.
| The newer QuickTime players do NOT support 9X/ME/NT.
|
| —–BEGIN PGP SIGNED MESSAGE—–
| Hash: SHA1
|
| National Cyber Alert System
|
| Technical Cyber Security Alert TA08-094A
|
| Apple Updates for Multiple Vulnerabilities
|
| Original release date: April 3, 2008
| Last revised: –
| Source: US-CERT
|
| Systems Affected
|
| * Apple Mac OS X running versions of QuickTime prior to 7.4.5
| * Microsoft Windows running versions of QuickTime prior to 7.4.5
|
| Overview
|
| Apple QuickTime contains multiple vulnerabilities as described in the
| Apple Knowledgebase article HT1241. Exploitation of these
| vulnerabilities could allow a remote attacker to execute arbitrary
| code or cause a denial-of-service condition.
|
| I. Description
|
| Apple QuickTime 7.4.5 vulnerabilities in the way different types of
| image and media files are handled. An attacker could exploit these
| vulnerabilities by convincing a user to access a specially crafted
| image or media file that could be hosted on a web page.
|
| Note that Apple iTunes installs QuickTime, so any system with iTunes
| may be vulnerable.
|
| II. Impact
|
| These vulnerabilities could allow a remote, unauthenticated attacker
| to execute arbitrary code or cause a denial-of-service condition. For
| further information, please see Apple knowledgebase article HT1241
| about the security content of QuickTime 7.4.5
|
| III. Solution
|
| Upgrade QuickTime
|
| Upgrade to QuickTime 7.4.5. This and other updates for Mac OS X are
| available via Apple Update.
|

< snip >

Vulnerabilities in QuickTime are actively being exploited.

Unfortunately, Win98 is no longer supported so the ONLY solution is the removal of
QuickTime.

–
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp