• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Apple Patches Year-Old Windows QuickTime Vulnerability

malware

New Member
Joined
Nov 7, 2004
Messages
5,422 (1.12/day)
Likes
954
Location
Bulgaria
Processor Intel Core 2 Quad Q6600 G0 VID: 1.2125
Motherboard GIGABYTE GA-P35-DS3P rev.2.0
Cooling Thermalright Ultra-120 eXtreme + Noctua NF-S12 Fan
Memory 4x1 GB PQI DDR2 PC2-6400
Video Card(s) Colorful iGame Radeon HD 4890 1 GB GDDR5
Storage 2x 500 GB Seagate Barracuda 7200.11 32 MB RAID0
Display(s) BenQ G2400W 24-inch WideScreen LCD
Case Cooler Master COSMOS RC-1000 (sold), Cooler Master HAF-932 (delivered)
Audio Device(s) Creative X-Fi XtremeMusic + Logitech Z-5500 Digital THX
Power Supply Chieftec CFT-1000G-DF 1kW
Software Laptop: Lenovo 3000 N200 C2DT2310/3GB/120GB/GF7300/15.4"/Razer
#1
Apple has taken another swing at fixing a troublesome spate of QuickTime vulnerabilities. The company released an update for the Windows version of QuickTime media player on Wednesday afternoon to patch what Apple calls a "command injection issue" in the way the media player handles URLs. The flaw, which affects Windows XP and Windows Vista, was first disclosed in September of 2006 by Petko D. Petkov, a penetration tester. Petkov noted in a blog post this September that he reported two QuickTime bugs in the early fall of 2006. Only one, however, was patched. To bring attention to the year-old vulnerability, Petkov posted several proof-of-concept exploits on his blog last month. The issue does not affect computers running Mac OS X, according to Apple.

Source: InformationWeek
 

Casheti

New Member
Joined
May 3, 2006
Messages
4,421 (1.03/day)
Likes
29
#2
The vulnerability is there yes but let's think about this in real world terms, how many people running quicktime are actually going to be invaded/exploited using this method? I'm sure hackers or whatever have far better methods than this.
 

malware

New Member
Joined
Nov 7, 2004
Messages
5,422 (1.12/day)
Likes
954
Location
Bulgaria
Processor Intel Core 2 Quad Q6600 G0 VID: 1.2125
Motherboard GIGABYTE GA-P35-DS3P rev.2.0
Cooling Thermalright Ultra-120 eXtreme + Noctua NF-S12 Fan
Memory 4x1 GB PQI DDR2 PC2-6400
Video Card(s) Colorful iGame Radeon HD 4890 1 GB GDDR5
Storage 2x 500 GB Seagate Barracuda 7200.11 32 MB RAID0
Display(s) BenQ G2400W 24-inch WideScreen LCD
Case Cooler Master COSMOS RC-1000 (sold), Cooler Master HAF-932 (delivered)
Audio Device(s) Creative X-Fi XtremeMusic + Logitech Z-5500 Digital THX
Power Supply Chieftec CFT-1000G-DF 1kW
Software Laptop: Lenovo 3000 N200 C2DT2310/3GB/120GB/GF7300/15.4"/Razer
#3
The vulnerability is there yes but let's think about this in real world terms, how many people running quicktime are actually going to be invaded/exploited using this method? I'm sure hackers or whatever have far better methods than this.
Yes, but leaving world-wide known vulnerability in your own software code for a year, does not speak well for you either. ;)
 
Joined
Feb 19, 2006
Messages
5,692 (1.31/day)
Likes
1,364
Location
New York
System Name http://www.heatware.com/eval.php?id=73751
Processor i7-920 CO@4.2GHZ / ASUS GL553VW 15.6" Gaming Laptop NVIDIA GTX 960M 4GB Intel Core i56300HQ 8GB DDR4
Motherboard Asus P6T Deluxe Intel X58
Cooling Asetek Liquid CPU Cooling System
Memory CORSAIR DOMINATOR 6GB (3 x 2GB) DDR3 1600
Video Card(s) 2X ATI Radeon HD 4870 X2 2GB DDR5 PCI-Express
Storage (RAID-0) with 4 Identical Hard Drives (1.28TB (320GBx4)
Display(s) LG 50" 50PK550 1080p 600Hz Plasma/37 Inch WestingHouse @1920x1080
Case Thermaltake M9 (I hate it its like trying to live in a 1 inch box)
Power Supply ThermalTake ToughPower 1200 Watt
Software Windows 7 professional 64
#4
Yes, but leaving world-wide known vulnerability in your own software code for a year, does not speak well for you either. ;)
that app is utter crap anyways and so is its publisher!:nutkick:>apple
 
Joined
May 24, 2007
Messages
4,720 (1.21/day)
Likes
354
Location
Tennessee
System Name AM3+
Processor AMD FX-8350 @ 4715.73 MHz (23.5*200.63 MHz)
Motherboard ASUS Crosshair V Formula-Z AM3+ AMD 990FX SATA 6Gb/s USB 3.0 ATX AMD Motherboard
Cooling AMD 8150 Factory Water Cooler
Memory Corsair XMS3 16 GB 1333 MHz PC3-10666 240-Pin DDR3
Video Card(s) ASUS ROG MATRIX-R9290X-P-4GD5 Radeon R9 290X 4GB 512-Bit GDDR5 PCI Express 3.0
Storage SanDisk Ultra II 480GB, INTEL SS DSC2BW240A4, Western Digital WDC WD50 00AAKX-003CA0
Display(s) Acer S211HL bd 21.5-Inch Widescreen Ultra-Slim LED Display - Black
Case COOLER MASTER Elite 335 Upgraded RC-335U-KKN1 Black Steel / Plastic ATX Mid Tower Computer Case
Power Supply Corsair RM Series 850 Watt ATX/EPS 80PLUS Gold-Certified Power Supply - CP-9020056-NA RM850
Software Windows 10.0 Pro 64 Bit
#5
Now if Microsoft would only fix their vulnerablity issues on the Mac with MS Office... ;)
 

Helvetica

New Member
Joined
Sep 13, 2007
Messages
159 (0.04/day)
Likes
2
Processor Intel Core 2 Quad Q6600 Kentsfield 2.4GHz
Motherboard ASUS P5K-E/WIFI-AP
Memory 2GB DDR2 800mhz
Video Card(s) HD2900XT
Storage WD 10,000RPM
Display(s) 1920x1200
Audio Device(s) Creative
Power Supply 700w
#7
how about they dump quicktime? the thing is absolute trash. It's clogged up every rig I've ever owned.
 

WarEagleAU

Bird of Prey
Joined
Jul 9, 2006
Messages
10,809 (2.56/day)
Likes
529
Location
Gurley, AL
System Name Boddha Getta Boddha Getta Bah!
Processor AMD FX 6100 @ 4.432Ghz @1.382
Motherboard ASUS M5A99X EVO AMD 990X AMD SB950
Cooling Custom Water. EK 240MM Kit, Supreme HSF - Runs 35C
Memory 2 x 4GB Corsair Vengeance White LP @ 1.35V
Video Card(s) XFX Radeon HD 6870 980/1100
Storage WD Caviar Black 1.0TB, WD Caviar Green 1.0TB, WD 160GB
Display(s) Asus VH222/S 22: (21.5" Viewable) 1920x1080p HDMI LCD Monitor
Case NZXT White Switch 810
Audio Device(s) Onboard Realtek 5.1
Power Supply NZXT Hale 90 Gold Cert 750W Modular PSU
Software Windows 8.1 Profession 64 Bit
#8
I agree Casheti. I hardly use quicktime unless the thing I am viewing requires it.

I think the files play beautifully and look wow like, but honestly, its a hog and it sucks.