Apple has shipped QuickTime 7.6.7 to fix a critical vulnerability that exposes Windows users to malicious hacker attacks.

The update, available for Windows XP SP3 and later, Windows Vista and Windows 7, corrects a flaw that could be exploited to launch remote code execution attacks.

According to Apple’s advisory, the flaw could be exploited with a maliciously crafted movie file.

A stack buffer overflow exists in QuickTime’s error logging. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by disabling debug logging. This issue does not affect Mac OS X systems.

QuickTime 7.6.7 may be obtained from the Windows software update application, or from the QuickTime Downloads site.

Categories: Vulnerabilities

Comment (1)

  1. Anonymous
    1

    And sadly, this still leaves vegas pro 8 users unable to work with .mov files.  So we get to choose either security (quicktimeplayer767.exe)  or production.(quicktimeplayer765.exe)

Comments are closed.