Intrusion Prevention

Apple.QuickTime.For.Java.Information.Disclosure

Description

It indicates a possible exploit of an information disclosure vulnerability in QuickTime for Java on Mac OS X, when used with Quartz Composer. It may allow remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.

Affected Products

Apple Mac OS X Server 10.4.8
Apple Mac OS X 10.4.8

Impact

Information disclosure.

Recommended Actions

The vendor has released an advisory and fixes to address this issue. Please see the references for more information.
Apple Mac OS X Server 10.4.8
* Apple SecUpd2006-008Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=12412&cat= 1&platform=osx&method=sa/SecUpd2006-008Ti.dmg
* Apple SecUpd2006-008Univ.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=12413&cat= 1&platform=osx&method=sa/SecUpd2006-008Univ.dmg
Apple Mac OS X 10.4.8
* Apple SecUpd2006-008Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=12412&cat= 1&platform=osx&method=sa/SecUpd2006-008Ti.dmg
* Apple SecUpd2006-008Univ.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=12413&cat= 1&platform=osx&method=sa/SecUpd2006-008Univ.dmg

CVE References

CVE-2006-5681