The recent number of unpatched QuickTime flaws is: two

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: The recent number of unpatched QuickTime flaws is: two
From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Date: Wed, 5 Dec 2007 02:53:13 +0200 (EET)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

The QuickTime RTSP vulnerability reported on 23th Nov is not the only unpatched 
remote vulnerability in QuickTime player.

It appears that WabiSabiLabi team has reported that there is another (they call 
it zero-day vuln) flaw too, affecting to XP systems.

The CVE name for this second issue reported by unknown person is CVE-2007-6238. 
The CVSS score is 10.0, in turn.

I have written a summary with reference links here:
http://blogs.securiteam.com/?p=1046

- Juha-Matti

Prev by Date: Re: sing (debian) vunlerability?
Next by Date: [ MDKSA-2007:236 ] - Updated openssh packages fix X11 cookie vulnerability
Previous by thread: [USN-546-2] Firefox regression
Next by thread: [ MDKSA-2007:236 ] - Updated openssh packages fix X11 cookie vulnerability
Index(es):
- Date
- Thread