=====================================================================
                         CERT-Renater

              Information Note No. 2010/VULN306
_____________________________________________________________________

DATE                 : 13/08/2010

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows 7, Windows Vista, Windows XP running
                       QuickTime versions prior to QuickTime.

======================================================================
http://support.apple.com/kb/HT4290
______________________________________________________________________

APPLE-SA-2010-08-12-1 QuickTime

QuickTime 7.6.7 is now available and addresses the following:

QuickTime
CVE-ID:  CVE-2010-1799
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description:  A stack buffer overflow exists in QuickTime's error
logging. Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed by disabling debug logging. This issue does not
affect Mac OS X systems.

QuickTime 7.6.7 may be obtained from the Software Update
application, or from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/

For Windows 7 / Vista / XP SP2 or later
The download file is named:  "QuickTimeInstaller.exe"
Its SHA-1 digest is:  38a132fe1969e617f33c00ebae3ce34a7695113f

QuickTime 7.6.7 is not presented to Mac OS X systems.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

======================================================================

=========================================================
CERT-Renater reference servers

http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          |    tel : 01-53-94-20-44       +
+ 151 bd de l'Hopital   |    fax : 01-53-94-20-41       +
+ 75013 Paris           |    email: certsvp@renater.fr  +
=========================================================