Alert GCSA-11058 - Vulnerabilita' in Apple QuickTime
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11058
Data : 05 Agosto 2011
Titolo : Vulnerabilita' in Apple QuickTime
******************************************************************
:: Descrizione del problema
Sono state riscontrate alcune vulnerabiita' in Apple QuickTime,
che potrebbero essere sfruttate da un attaccante remoto per eseguire
codice arbitrario e compromettere un sistema che ne sia affetto.
Per una descrizione completa delle vulnerabilita' fare riferimento
alla segnalazione ufficiale di Apple al seguente link:
http://support.apple.com/kb/HT4826
:: Software interessato
Apple QuickTime 7.x
:: Impatto
Esecuzione di codice arbitrario
Ottenimento del controllo completo del sistema
Compromissione del sistema
:: Soluzioni
Aggiornare alla versione 7.7.
http://www.apple.com/quicktime/download/
:: Riferimenti
Apple:
http://support.apple.com/kb/HT4826
Secunia:
http://secunia.com/advisories/45516/
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0252
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTjv++POB+SpikaiRAQISIQP+J6rt578LWRTHdlRAbPLXV0MPkMcEcRcx
fzAPZrlr3OkjX6gk+TM/XgvMcFQACsqtvCBMBEUGsLhY/Uzb4I285r/MS/tUHjRj
Lby7DQ6ssbLY1EO3qT19xk2psSUBzoCTgXT19lXZhHXkzPmgRPaI2OTUlkpZFfPK
SytM6fEr5xk=
=bXTg
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11058
Data : 05 Agosto 2011
Titolo : Vulnerabilita' in Apple QuickTime
******************************************************************
:: Descrizione del problema
Sono state riscontrate alcune vulnerabiita' in Apple QuickTime,
che potrebbero essere sfruttate da un attaccante remoto per eseguire
codice arbitrario e compromettere un sistema che ne sia affetto.
Per una descrizione completa delle vulnerabilita' fare riferimento
alla segnalazione ufficiale di Apple al seguente link:
http://support.apple.com/kb/HT4826
:: Software interessato
Apple QuickTime 7.x
:: Impatto
Esecuzione di codice arbitrario
Ottenimento del controllo completo del sistema
Compromissione del sistema
:: Soluzioni
Aggiornare alla versione 7.7.
http://www.apple.com/quicktime/download/
:: Riferimenti
Apple:
http://support.apple.com/kb/HT4826
Secunia:
http://secunia.com/advisories/45516/
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0252
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTjv++POB+SpikaiRAQISIQP+J6rt578LWRTHdlRAbPLXV0MPkMcEcRcx
fzAPZrlr3OkjX6gk+TM/XgvMcFQACsqtvCBMBEUGsLhY/Uzb4I285r/MS/tUHjRj
Lby7DQ6ssbLY1EO3qT19xk2psSUBzoCTgXT19lXZhHXkzPmgRPaI2OTUlkpZFfPK
SytM6fEr5xk=
=bXTg
-----END PGP SIGNATURE-----