=====================================================================
CERT-Renater
Information Note No. 2009/VULN033
_____________________________________________________________________

DATE                 : 26/01/2009
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Windows Vista, Windows XP running QuickTime.
======================================================================
http://support.apple.com/kb/HT3404
______________________________________________________________________

APPLE-SA-2009-01-21 QuickTime MPEG-2 Playback Component

The QuickTime MPEG-2 Playback Component for Windows is now available and addresses the following issue:

CVE-ID: CVE-2009-0008
Available for: Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An input validation issue exists in the QuickTime MPEG-2 Playback Component for Windows. Accessing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of MPEG-2 files. This issue does not affect systems running Mac OS X. Credit to Richard Lemon of Code Lemon for reporting this issue.

The QuickTime MPEG-2 Playback Component is not installed by default, and is provided separately from QuickTime. Details are available via http://www.apple.com/quicktime/mpeg2/

Users who have paid for and downloaded an earlier version of the QuickTime MPEG-2 Playback Component from the Apple Store may download the updated version for free.

The steps to determine that a system has the updated version are listed at http://support.apple.com/kb/HT3381. The version number of the updated QuickTime MPEG-2 Playback Component for Windows is 7.60.92.0.

Information will also be posted to the Apple Security Updates web site:
http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at:
http://www.apple.com/support/security/pgp/

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44        +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41        +
+ 75013 Paris         | email: certsvp@renater.fr   +
=========================================================