Memory corruption when handling H.264, .m4v, SMIL or arbitrary movie file content can lead to arbitrary code execution.

This update also provides enhanced protection for the QuickTime for Java issue that was patched earlier this year. Further issues affecting QuickTime for Java have also been addressed, including removing support for JDirect.

Description:

Apple Inc have released version 7.2 of the QuickTime media codec and associated player application. This release addresses a number of serious vulnerabilities that can allow a remote attacker to take over a vulnerable system if the victim can be convinced to interact with a malicious media file.

In addition to fixing security issues, QuickTime 7.2 provides enhanced capabilities to QuickTime

Mitigation:

Update to QuickTime 7.2 at the earliest opportunity, either through the download link below, or through Software Update.

Updates:

http://www.apple.com/support/downloads/

Source:

http://docs.info.apple.com/article.html?artnum=61798

Exploits:

Various

CVE-ID: CVE-2007-2295 CVE-ID: CVE-2007-2392CVE-ID: CVE-2007-2296 CVE-ID: CVE-2007-2393 CVE-ID: CVE-2007-2396CVE-ID: CVE-2007-2402