IDNetters Forums

Technical News & Discussion => Windows News & Discussion => Topic started by: Gary on Nov 26, 2007, 18:10:34

Title: QuickTime critical vulnerability
Post by: Gary on Nov 26, 2007, 18:10:34
Quote from Secunia "A vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing RTSP replies and can be exploited to cause a stack-based buffer overflow via a specially crafted RTSP reply containing an overly long "Content-Type" header.

Successful exploitation allows execution of arbitrary code and requires that the user is e.g. tricked into opening a malicious QTL file or visiting a malicious web site.

The vulnerability is confirmed in version 7.3. Other versions may also be affected.

NOTE: A working exploit is publicly available.

Solution:
Do not browse untrusted websites, follow untrusted links, nor open untrusted QTL files"
Title: Re: QuickTime critical vulnerability
Post by: Rik on Nov 26, 2007, 18:13:04
Again...  :sigh:

Thanks, Gary.
Title: Re: QuickTime critical vulnerability
Post by: Gary on Nov 26, 2007, 18:14:34
I know, and you said last time it updated, "what bugs will this version bring?"  :hide2:
Title: Re: QuickTime critical vulnerability
Post by: Rik on Nov 26, 2007, 18:18:48
Apple just don't seem to be able to get to grips. Ever since they updated the software for Vista, there seems to have been a rash of fixes. Not good.  >:(
Title: Re: QuickTime critical vulnerability
Post by: Gary on Nov 26, 2007, 18:24:03
I agree, and now with an exploit in the wild that's bad news for us all. Hopefully they will patch it quickly; what with that and FF this week it's all go. Thing is, it's not great for the casual browser who has no idea that there is even a vulnerability or where to look to find out such information.  >:(
Title: Re: QuickTime critical vulnerability
Post by: Rik on Nov 26, 2007, 18:24:54
Indeed not, Gary - they need greater protection from the software houses.
Title: Re: QuickTime critical vulnerability
Post by: Gary on Nov 26, 2007, 18:28:35
Back to that dumb terminal, dare I say it. Software rather than the OS is more the target these days than ever before. Even XP is better than it used to be, so hackers have got Vista, which is a tough cookie, and XP, and that's quite tight now, so it's the plugins, other programs and even the antivirus software itself they go for.  >:(
Title: Re: QuickTime critical vulnerability
Post by: Rik on Nov 26, 2007, 18:31:21
Life was easier when you only got a virus if you put an unknown floppy in your machine.  :police:
Title: Re: QuickTime critical vulnerability
Post by: Gary on Nov 26, 2007, 19:41:10
Quote from: Rik on Nov 26, 2007, 18:31:21
Life was easier when you only got a virus if you put an unknown floppy in your machine.  :police:
Depends how drunk you were Rik *ahem* :evilb:
Title: Re: QuickTime critical vulnerability
Post by: Lance on Nov 26, 2007, 22:38:10
Thanks for the warning, Gary. I'm getting fed up with the constant Apple updates really, just wish they could sort their programs out!
Title: Re: QuickTime critical vulnerability
Post by: Gary on Nov 27, 2007, 06:08:17
I so agree Lance  :(
Title: Re: QuickTime critical vulnerability
Post by: Gary on Nov 27, 2007, 06:54:43
For now I have blocked all TCP and UDP activity for QuickTime 7.3 in my firewall to help mitigate the issue. Hope it's patched soon, it's a nasty vulnerability.  :(