techPowerUp! Forums - View Single Post - New Zero-Day QuickTime Vulnerability Emerges

malware · Nov 27, 2007, 05:23 PM

Apple updated QuickTime to version 7.3 recently to address a much-exploited bug, but a new QuickTime vulnerability has emerged, prompting security agencies to issue warnings to those running QuickTime on either Windows XP or Windows Vista. There is no word yet on whether Mac OS X is vulnerable to the new QuickTime bug. Apple's QuickTime is vulnerable to malware disguised as streaming video, and attack code has been published on the milw0rm.com web site. According to the U.S. Computer Emergency Readiness Team, QuickTime versions 7.2 and 7.3, and perhaps earlier versions, contain a buffer-overflow bug. "Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header," US-CERT said. "This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream." RTSP is the Real-Time Streaming Protocol, which QuickTime supports. When users click on a link for a malicious RTSP stream, an attacker might be able to execute arbitrary code on the compromised system. Solutions of limiting this vulnerability until a new patch is released, can be found here.

Source: NewsFactor Network

Nov 27, 2007, 05:23 PM	#1
malware Eligible for custom title Join Date: Nov 2004 Location: Bulgaria Posts: 5,413 (1.74/day) Thanks: 78 Thanked 986 Times in 497 Posts System Specs	New Zero-Day QuickTime Vulnerability Emerges Apple updated QuickTime to version 7.3 recently to address a much-exploited bug, but a new QuickTime vulnerability has emerged, prompting security agencies to issue warnings to those running QuickTime on either Windows XP or Windows Vista. There is no word yet on whether Mac OS X is vulnerable to the new QuickTime bug. Apple's QuickTime is vulnerable to malware disguised as streaming video, and attack code has been published on the milw0rm.com web site. According to the U.S. Computer Emergency Readiness Team, QuickTime versions 7.2 and 7.3, and perhaps earlier versions, contain a buffer-overflow bug. "Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header," US-CERT said. "This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream." RTSP is the Real-Time Streaming Protocol, which QuickTime supports. When users click on a link for a malicious RTSP stream, an attacker might be able to execute arbitrary code on the compromised system. Solutions of limiting this vulnerability until a new patch is released, can be found here. Source: NewsFactor Network

Processor:	Intel Core 2 Quad Q6600 G0 VID: 1.2125
Motherboard:	GIGABYTE GA-P35-DS3P rev.2.0
Cooling:	Thermalright Ultra-120 eXtreme + Noctua NF-S12 Fan
Memory:	4x1 GB PQI DDR2 PC2-6400
Video Card:	Colorful iGame Radeon HD 4890 1 GB GDDR5
Hard Disk:	2x 500 GB Seagate Barracuda 7200.11 32 MB RAID0
Optical Drive:	LITE-ON IT LH-20A1L 20x SATA DVD±RW LightScribe
CRT/LCD Model:	BenQ G2400W 24-inch WideScreen LCD
Case:	Cooler Master COSMOS RC-1000 (sold), Cooler Master HAF-932 (delivered)
Sound Card:	Creative X-Fi XtremeMusic + Logitech Z-5500 Digital THX
PSU:	Chieftec CFT-1000G-DF 1kW
Software:	Laptop: Lenovo 3000 N200 C2DT2310/3GB/120GB/GF7300/15.4"/Razer