Alert GCSA-10034 - Vulnerabilita' in Apple QuickTime
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10034
Data : 04 Aprile 2010
Titolo : Vulnerabilita' in Apple QuickTime
******************************************************************
:: Descrizione del problema
Sono state riscontrate alcune vulnerabiita' in Apple QuickTime,
che potrebbero essere sfruttate da un attaccante remoto per eseguire
codice arbitrario e compromettere un sistema che ne sia affetto.
Per una descrizione completa delle vulnerabilita' fare riferimento
alla segnalazione ufficiale di Apple al seguente link:
http://support.apple.com/kb/HT4104
:: Software interessato
Apple QuickTime 7.x
:: Impatto
Esecuzione di codice arbitrario
Ottenimento del controllo completo del sistema
:: Soluzioni
Aggiornare alla versione 7.6.6
http://www.apple.com/quicktime/download/
:: Riferimenti
Apple:
http://support.apple.com/kb/HT4104
VuPen:
http://www.vupen.com/english/advisories/2010/0746
Secunia:
http://secunia.com/advisories/39133/
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0536
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS7WX+vOB+SpikaiRAQJ9lQQAsEgci+cptSjREHx1ONFDL5v6oi3eG+pG
CGQNaLzVXZWPh2PiY7tS+hkgF2vhMr4OEJAYz2888pZZY3Ks+e3Y6N3+REKMhISR
zF9ezBeOcQ1WkND0ayFfC477H4A186K5VEPDJByw5WNT9QRYXO3HhTPPnBfCPUwz
pVhHScdufkw=
=KA/9
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10034
Data : 04 Aprile 2010
Titolo : Vulnerabilita' in Apple QuickTime
******************************************************************
:: Descrizione del problema
Sono state riscontrate alcune vulnerabiita' in Apple QuickTime,
che potrebbero essere sfruttate da un attaccante remoto per eseguire
codice arbitrario e compromettere un sistema che ne sia affetto.
Per una descrizione completa delle vulnerabilita' fare riferimento
alla segnalazione ufficiale di Apple al seguente link:
http://support.apple.com/kb/HT4104
:: Software interessato
Apple QuickTime 7.x
:: Impatto
Esecuzione di codice arbitrario
Ottenimento del controllo completo del sistema
:: Soluzioni
Aggiornare alla versione 7.6.6
http://www.apple.com/quicktime/download/
:: Riferimenti
Apple:
http://support.apple.com/kb/HT4104
VuPen:
http://www.vupen.com/english/advisories/2010/0746
Secunia:
http://secunia.com/advisories/39133/
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0536
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS7WX+vOB+SpikaiRAQJ9lQQAsEgci+cptSjREHx1ONFDL5v6oi3eG+pG
CGQNaLzVXZWPh2PiY7tS+hkgF2vhMr4OEJAYz2888pZZY3Ks+e3Y6N3+REKMhISR
zF9ezBeOcQ1WkND0ayFfC477H4A186K5VEPDJByw5WNT9QRYXO3HhTPPnBfCPUwz
pVhHScdufkw=
=KA/9
-----END PGP SIGNATURE-----