FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

win32-codecs -- multiple vulnerabilities

Affected packages
win32-codecs < 3.1.0.p8_1,1

Details

VuXML ID 24f6b1eb-43d5-11db-81e1-000e0c2e438a
Discovery 2006-09-08
Entry 2006-09-14
Modified 2006-10-17

The Apple Security Team reports that there are multiple vulnerabilities within QuickTime (one of the plugins for win32-codecs). A remote attacker capable of creating a malicious SGI image, FlashPix, FLC movie, or a QuickTime movie can possibly lead to execution of arbitrary code or cause a Denial of Service (application crash).

Users who have QuickTime (/win32-codecs) as a browser plugin may be vulnerable to remote code execution by visiting a website containing a malicious SGI image, FlashPix, FLC movie or a QuickTime movie.

References

Bugtraq ID 20138
CVE Name CVE-2006-4381
CVE Name CVE-2006-4382
CVE Name CVE-2006-4384
CVE Name CVE-2006-4385
CVE Name CVE-2006-4386
CVE Name CVE-2006-4388
CVE Name CVE-2006-4389
URL http://docs.info.apple.com/article.html?artnum=304357

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.