Slashdot Mirror


Security Hole in Windows' QuickTime Player

Zonoprh writes "A Security Hole was found in QuickTime player that allows attackers to compromise a user's system with a malicious URL. The hole is fixed in QuickTime 6.1 available here. Until then, hold off on playing "unusually" enticing QT files."

5 of 23 comments

  1. Section? by cappadocius · Score: 3, Interesting

    How much good will this do in the Apple section if the bug is in the Windows version?

    --

    omnia tua castra sunt nobis

  2. Is the Crossover install of Quicktime vulnerable? by repoleved · Score: 1, Interesting

    Could someone please comment regarding whether the vulnerability affects wine? I saw the other post saying that it had to do with a registry key buffer overflow, so it seems possible that wine might not have this vulnerability.

    If so, then, are we Linux users safe from this particular bug? In either case, will the upcoming version of Crossover Plugin support QT6.1?

  3. Hold off? by 90XDoubleSide · Score: 3, Interesting

    until then, hold off on playing "unusually" enticing QT files.

    Umm... QuickTime 6.1 was released on January 9th; I would think most people would already have this patched.

    --
    "Reality is just a convenient measure of complexity" -Alvy Ray Smith

  4. FUD alert by slittle · Score: 5, Interesting

    WTF do you mean "extension to DOS"? You mean command line parameters (arguments)? Unix does the same thing. There are plenty of ways around using parameters under Windows, but they're more trouble to code for (IMO) for such a simple task, and not backward compatible - there is nothing wrong with the parameter method as long as idiot programms check their fucking buffers.

    --
    Opportunity knocks. Karma hunts you down.

    1. Re:FUD alert by Col Bat Guano · Score: 3, Interesting

      "as long as idiot programms check their fucking buffers"

      But then the history of programming is one of people not doing the things they should.

      Yes, they should check their buffers, but clearly they don't.

      A bit of defensive programming goes a long way, in all and every bit of software.