Critical Apple QuickTime flaw dings Windows OS

Apple has shipped QuickTime 7.6.7 to fix a critical vulnerability that exposes Windows users to malicious hacker attacks.

Apple has shipped QuickTime 7.6.7 to fix a critical vulnerability that exposes Windows users to malicious hacker attacks.

The update, available for Windows XP SP3 and later, Windows Vista and Windows 7, corrects a flaw that could be exploited to launch remote code execution attacks.

According to Apple's advisory, the flaw could be exploited with a maliciously crafted movie file.

A stack buffer overflow exists in QuickTime's error logging. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by disabling debug logging. This issue does not affect Mac OS X systems.

QuickTime 7.6.7 may be obtained from the Windows software update application, or from theQuickTime Downloads site.