Fixlet Site - VulnerabilitiestoWindowsSystems
Current Version: 154
Published: Tue, 03 Feb 2009 18:09:09 GMT

New Fixlets:
============
***************************************************************
Title: Apple QuickTime QTVR Heap Based buffer overflow vulnerability
Severity: High
Fixlet ID: 564601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5646.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0002
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.
***************************************************************
Title: Apple QuickTime MPEG-2 Unspecified Vulnerability
Severity: High
Fixlet ID: 597401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval5974.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0008
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.
***************************************************************
Title: Apple QuickTime JPEG Heap Based buffer overflow vulnerability
Severity: High
Fixlet ID: 613201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6132.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0007
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.
***************************************************************
Title: Apple QuickTime RTSP URL Heap Based buffer overflow vulnerability
Severity: High
Fixlet ID: 613501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6135.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0001
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.
***************************************************************
Title: Apple QuickTime cinepak Heap Based buffer overflow vulnerability
Severity: High
Fixlet ID: 615301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6153.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0006
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.
***************************************************************
Title: Apple QuickTime H.263 Unspecified Vulnerability
Severity: High
Fixlet ID: 618701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6187.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0005
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.
***************************************************************
Title: Apple QuickTime MP3 Buffer Overflow Vulnerability
Severity: High
Fixlet ID: 621101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6211.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0004
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.
***************************************************************
Title: Apple QuickTime AVI Heap Based buffer overflow vulnerability
Severity: High
Fixlet ID: 621801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval6218.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0003
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.