安全漏洞:CN-VA09-41
发布日期:2009年6月5日
漏洞类型:缓冲区溢出漏洞
漏洞评估:严重
影响系统:
Apple QuickTime Player 7.6.1
Apple QuickTime Player 7.5.5
Apple QuickTime Player 7.4.5
Apple QuickTime Player 7.4.1
Apple QuickTime Player 7.3.1 .70
Apple QuickTime Player 7.3.1
Apple QuickTime Player 7.1.6
Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.1.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 6.5.2
Apple QuickTime Player 6.5.1
Apple QuickTime Player 6.5
Apple QuickTime Player 6.1
Apple QuickTime Player 5.0.2
Apple QuickTime Player 7.6
Apple QuickTime Player 7.5
Apple QuickTime Player 7.4
Apple QuickTime Player 7.4
Apple QuickTime Player 7.3
Apple QuickTime Player 7.2
Apple QuickTime Player 7.1
Apple QuickTime Player 6.4
Apple QuickTime Player 6
不受影响系统:
Apple QuickTime Player 7.6.2
漏洞描述:
Apple QuickTime是一款流行的多媒体播放器。Apple QuickTime处理JP2图像时存在缓冲区溢出漏洞,远程攻击者可利用该漏洞引诱用户打开精心准备的文件或网页。攻击者攻击成功则可在用户主机上执行任意指令,即使攻击不成功可能导致主机拒绝服务。该漏洞影响涉及装有上述版本Apple QuickTime软件的微软Windows Vita、Windows XP SP3 、Mac OS X操作系统。
目前针对该漏洞的攻击程序是否出现还未可知。不过厂商已经提供解决方案,请广大用户及时下载更新。
参考信息:
http://www.securityfocus.com/bid/35165/info
http://support.apple.com/kb/HT3591
http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html
http://www.doecirc.energy.gov/bulletins/t-152.shtml
http://www.vupen.com/english/advisories/2009/1469
http://www.zerodayinitiative.com/advisories/ZDI-09-029/
信息提供者:
Apple
其它信息:
相关CVE编号:
CVE-2009-0957
漏洞报告文档编写:
CNCERT/CC
安全公告文档编写:
CNCERT/CC