Apple releases QuickTime 7.7.3 for Windows, patches critical security vulnerabilities

Summary: Apple just released QuickTime 7.7.3 for Windows, patching critical security vulnerabilities that could allow arbitrary code execution.

By Dancho Danchev for Zero Day | November 9, 2012 -- 15:49 GMT (07:49 PST)

Follow @danchodanchev

Apple just released QuickTime 7.7.3 for Windows, patching critical security vulnerabilities that could allow arbitrary code execution.

More details on the patched vulnerabilities:

CVE-2011-1374 - Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution
CVE-2012-3757 - Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution
CVE-2012-3751 - Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
CVE-2012-3758 - Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution
CVE-2012-3752 - Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution
CVE-2012-3753 - Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
CVE-2012-3754 - Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
CVE-2012-3755 - Viewing a maliciously crafted Targa file may lead to an unexpected application termination or arbitrary code execution
CVE-2012-3756 - Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Users are advised to upgrade to the latest version immediatelly.

Find out more about Dancho Danchev at his LinkedIn profile.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments

Log in or register to join the discussion

...and here we go!

Sorry, Chkaiban - did you say something...

William Farrel

9 November, 2012 17:20

Reply 1 Vote

more buggy

code from apple

hoppmang

9 November, 2012 21:45

Reply 3 Votes

Apple Products Should Be Band On Windows.

They have more security bugs than any other product on Windows. Is it a coincidence that they are competitors and Apple used the malware on Windows against MS in past comercials ("I'm A MAC, I'm A PC")?

rmark@...

12 November, 2012 21:46

Reply Vote

arbitary code execution

how do you rely on a vendor when they make software that can execute external code from something as innocent as a font or a media file?

warboat

12 November, 2012 23:50

Reply Vote

Here we go again...

So what took mApple so long? They sat on 9 vulnerabilities. Shouldn't they release an update a bit sooner instead wait months.

[Oh now i know why. They will now claim they only release let's say 5 updates this year instead of the usual dozen by delaying updates - of course making our coimputers vulnerable to problems.]

Gisabun

17 November, 2012 04:08

Reply Vote

The best of ZDNet, delivered

White Papers, Webcasts, & Resources

Energy Savings Performance Contracts for Federal Data Center Consolidation

The initial capital investment for federal agency data center energy conservation projects can be daunting. Read this paper to learn how Energy Savings Performance Contracts provide federal agencies with an alternative financing option.
Three Ways to Improve Your Data Storage Capabilities

Whether you're thinking of switching to the cloud or just searching for a scalable solution, this guide will offer best practice tips and strategies for improving data storage.
System x Selection Tool

Check out this simple IBM® System x® Selection Tool to find out which server solution can offer you the ROI and performance gains you need at a price you can afford.