Apple Computer Inc. Information for VU#112553
Apple QuickTime Player for Windows contains buffer overflow in processing of overly long QuickTime URLs
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 01 Apr 2003
APPLE-SA-2003-03-31 QuickTime Player for Windows
A potential vulnerability in Apple's QuickTime Player for Windows could
allow a remote attacker to compromise a target system. This exploit is
only possible if the attacker can convince a user to load a specially
crafted QuickTime URL. Upon successful exploitation, arbitrary code
can be executed under the privileges of the QuickTime user.
CVE Candidate ID: CAN-2003-0168
Versions affected: QuickTime Player versions 5.x and 6.0 for Windows.
QuickTime Player for Mac OS and Mac OS X are not affected.
Recommendation: Install QuickTime version 6.1 for Windows
QuickTime 6.1 for Windows is available via:
- or -
"Update Existing Software" menu item in QuickTime Player
Credit to Texonet (http://www.texonet.com/) for discovering this
Apple Product Security
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.