buffer

Google open-sources XML-alternative Protocol Buffers

XML, it seems, has run out of steam for Google.

Google said Monday that it has created an open-source project for a data interchange format called Protocol Buffers.

The software is meant to solve the problem of sharing information in a wide range of formats between servers at high speed. It's also designed to let companies like Google upgrade software on a network of connected servers without causing hiccups.

Google thought of using XML as a lingua franca to send messages between its different servers. But XML can be complicated to work with and, more significantly, creates large files …

Apple updates QuickTime security

On Wednesday, Apple released QuickTime 7.4.1. The update is for users of Mac OS X v10.3.9, Mac OS X v10.4.7, Mac OS X v10.5 or later, and Windows Vista and Windows XP SP2. It addresses the vulnerability described in CVE-2008-0234.

By enticing a user to visit a maliciously crafted Web page, Apple says that an attacker may use an unpatched version of QuickTime to cause an unexpected application termination or arbitrary code execution. The vulnerability is a heap buffer overflow that exists in QuickTime's handling of HTTP responses when RTSP tunneling is …

Another QuickTime RTSP flaw announced

There is a new exploit that affects how Apple QuickTime handles the Real Time Streaming Protocol (RTSP) and may allow an attacker to execute arbitrary code or cause a denial-of-service attack on a vulnerable system. The condition is similar to, yet different from, a QuickTime RTSP flaw reported in December. This new vulnerability can occur on a fully patched QuickTime version 7.3.1, running on Windows and possibly Mac OS X.

The flaw was discovered by Luigi Auriemma; details can be found here and here. Auriemma provides an exploit example on his site and writes: "For exploiting this vulnerability is only needed …

IBM patches Lotus Notes 1-2-3 security flaws

IBM has released a patch for highly critical security flaws in its Lotus Notes, following the discovery of vulnerabilities in a third-party software component used in Lotus 1-2-3.

Users who open a malicious file attachment can trigger a buffer overflow, as Lotus 1-2-3 tries to process the Lotus Worksheet file format. The vulnerabilities could allow a malicious attacker to take control of a user's system remotely and execute arbitrary code, according to Core Security Technologies, which issued a security advisory on Tuesday.

"Although these specific vulnerabilities exist on a third-party component, the problem is compounded by the way …