1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

New Zero-Day QuickTime Vulnerability Emerges

Discussion in 'News' started by malware, Nov 27, 2007.

  1. malware New Member

    Joined:
    Nov 7, 2004
    Messages:
    5,476 (1.53/day)
    Thanks Received:
    956
    Location:
    Bulgaria
    Apple updated QuickTime to version 7.3 recently to address a much-exploited bug, but a new QuickTime vulnerability has emerged, prompting security agencies to issue warnings to those running QuickTime on either Windows XP or Windows Vista. There is no word yet on whether Mac OS X is vulnerable to the new QuickTime bug. Apple's QuickTime is vulnerable to malware disguised as streaming video, and attack code has been published on the milw0rm.com web site. According to the U.S. Computer Emergency Readiness Team, QuickTime versions 7.2 and 7.3, and perhaps earlier versions, contain a buffer-overflow bug. "Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header," US-CERT said. "This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream." RTSP is the Real-Time Streaming Protocol, which QuickTime supports. When users click on a link for a malicious RTSP stream, an attacker might be able to execute arbitrary code on the compromised system. Solutions of limiting this vulnerability until a new patch is released, can be found here.

    Source: NewsFactor Network
  2. F-22 New Member

    Joined:
    Nov 9, 2007
    Messages:
    103 (0.04/day)
    Thanks Received:
    7
  3. WhiteLotus

    WhiteLotus

    Joined:
    Jul 30, 2007
    Messages:
    6,532 (2.52/day)
    Thanks Received:
    847
    F-22, do you really hate Macs that much?
    this has nothing to do with Macs, its a Quicktime problem - and although i don't use it i hope they get this problem sorted out!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page