Apple has finally updated the Windows version of Quicktime to fix a 13-month old flaw which affects Windows XP and Windows Vista.
Apple has finally updated the Windows version of QuickTime to fix a 13-month-old flaw that affects Windows XP and Windows Vista.
The patch affects users of QuickTime 7.2 on Windows Vista, XP SP2, and addresses the vulnerability in CVE-2007-4673. Currently, viewing maliciously crafted QuickTime files may lead to arbitrary code execution.
"A command injection issue exists in QuickTime's handling of URLs in the qtnext field in files with QTL content. By enticing a user to open a specially crafted file, an attacker may cause an application to be launched with controlled command-line arguments, which may lead to arbitrary code execution," Apple describes.
For more information:
- Apple fixes year-old QuickTime flaw (ComputerWorld)
- Apple patches year-old Windows QuickTime vulnerability (InformationWeek)
- Apple patches QuickTime flaw (vnunet.com)
- Apple patches for QuickTime for Windows (iTWire)