Fixlet Site - VulnerabilitiestoWindowsSystems
Current Version: 133
Published: Thu, 02 Oct 2008 17:02:56 GMT

New Fixlets:
============

***************************************************************
Title: Apple QuickTime Filetype Remote Off-By-One Stack Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 593601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5936.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4116
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in Apple QuickTime 7.5.5 (7.55.90.70) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file.

***************************************************************
Title: Apple iTunes Filetype Remote Off-By-One Stack Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 611301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6113.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4116
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Heap-based buffer overflow in iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file.