Updated:  April 01, 2003

Status

Affected

Vendor Statement

APPLE-SA-2003-03-31 QuickTime Player for Windows A potential vulnerability in Apple's QuickTime Player for Windows could allow a remote attacker to compromise a target system. This exploit is only possible if the attacker can convince a user to load a specially crafted QuickTime URL. Upon successful exploitation, arbitrary code can be executed under the privileges of the QuickTime user. CVE Candidate ID: CAN-2003-0168 Versions affected: QuickTime Player versions 5.x and 6.0 for Windows. QuickTime Player for Mac OS and Mac OS X are not affected. Recommendation: Install QuickTime version 6.1 for Windows QuickTime 6.1 for Windows is available via: http://www.apple.com/quicktime/download/ - or - "Update Existing Software" menu item in QuickTime Player Credit to Texonet (http://www.texonet.com/) for discovering this vulnerability. Apple Product Security http://www.apple.com/support/security/

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.