Apple has issued a new version of its QuickTime video player for Windows to address a "critical" vulnerability that could allow cybercriminals to execute arbitrary code on an affected system.
QuickTime 7.6.7 resolves a stack buffer overflow vulnerability in QuickTime's error logging process, according to Apple's advisory. Because of the flaw, viewing a maliciously crafted movie file could lead to unexpected application termination or arbitrary code execution.
The flaw impacts Windows 7, Vista, and XP SP 2 and 3, according to Apple. The issue does not affect Mac OS X systems.
Researchers earlier this month discovered two movie files on file-sharing networks that were taking advantage of QuickTime Player to download malware from malicious websites.
But the attack, which used .MOV files that masqueraded as the new Angelina Jolie film Salt, did not take advantage of a flaw but instead relied on social engineering to trick users into downloading the malware, Apple has said.
See original article on scmagazineus.com
