01.29.07
CVE-2007-015 (MOAB-01-01-07) Patched on OS X Only
According to MOAB's advisory the Windows version of Quicktime (7.1.3) is vulnerable to CVE-2007-015. Secunia futher narrows this down by telling us that 7.1.3.100 is the vulnerable Windows version and says to apply Security Update 2007-001 to fix the problem.
In my last round of Bloglines reading before bed, I stumbled across a new post on the SBS Diva Blog, claiming that there wasn't a Windows patch for CVE-2007-015. I did some searching -- Downloaded the newest Quicktime from the Quicktime Site, Checked the Apple Support Downloads page, and ran Check for New updates inside Quicktime. None of these yielded an update and I'm still at version 7.1.3.100 (I updated my Mac since it popped up with a nice update message... but didn't think to look previously on Windows).
I'm sort of curious about this so I've fired off email to both Apple PR and Quicktime Support. Should I get a response... or anyone know another (more "out-of-the-way") method of updating the Windows Quicktime, I'd love for you to share it.
Susan said,
January 29, 2007 at 2:48 am
The updater “inside” of Quicktime won’t patch this.. you MUST install the patch from the separately installed updater tool.
Susan said,
January 29, 2007 at 3:00 am
http://marc.theaimsgroup.com/?l=patchmanagement&m=116983477503580&w=2 There’s an alternative there..but it’s not pretty either…