• We've upgraded our forums. Please post any issues/requests in this thread.

New Zero-Day QuickTime Vulnerability Emerges

malware

New Member
Joined
Nov 7, 2004
Messages
5,422 (1.13/day)
Likes
954
Location
Bulgaria
Processor Intel Core 2 Quad Q6600 G0 VID: 1.2125
Motherboard GIGABYTE GA-P35-DS3P rev.2.0
Cooling Thermalright Ultra-120 eXtreme + Noctua NF-S12 Fan
Memory 4x1 GB PQI DDR2 PC2-6400
Video Card(s) Colorful iGame Radeon HD 4890 1 GB GDDR5
Storage 2x 500 GB Seagate Barracuda 7200.11 32 MB RAID0
Display(s) BenQ G2400W 24-inch WideScreen LCD
Case Cooler Master COSMOS RC-1000 (sold), Cooler Master HAF-932 (delivered)
Audio Device(s) Creative X-Fi XtremeMusic + Logitech Z-5500 Digital THX
Power Supply Chieftec CFT-1000G-DF 1kW
Software Laptop: Lenovo 3000 N200 C2DT2310/3GB/120GB/GF7300/15.4"/Razer
#1
Apple updated QuickTime to version 7.3 recently to address a much-exploited bug, but a new QuickTime vulnerability has emerged, prompting security agencies to issue warnings to those running QuickTime on either Windows XP or Windows Vista. There is no word yet on whether Mac OS X is vulnerable to the new QuickTime bug. Apple's QuickTime is vulnerable to malware disguised as streaming video, and attack code has been published on the milw0rm.com web site. According to the U.S. Computer Emergency Readiness Team, QuickTime versions 7.2 and 7.3, and perhaps earlier versions, contain a buffer-overflow bug. "Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header," US-CERT said. "This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream." RTSP is the Real-Time Streaming Protocol, which QuickTime supports. When users click on a link for a malicious RTSP stream, an attacker might be able to execute arbitrary code on the compromised system. Solutions of limiting this vulnerability until a new patch is released, can be found here.

Show full news post
 
Joined
Jul 30, 2007
Messages
6,560 (1.73/day)
Likes
835
System Name Vintage
Processor i7 - 3770K @ Stock
Cooling Scythe Zipang II
Memory 2x4GB Crucial DDR3
Video Card(s) MSI GTX970
Storage M4 124GB SSD// WD Black 640GB// WD Black 1TB//Samsung F3 1.5TB
Display(s) Samsung SM223BW 21.6"
Case Generic
Power Supply Corsair HX 520W
Software Windows 7
#3
F-22, do you really hate Macs that much?
this has nothing to do with Macs, its a Quicktime problem - and although i don't use it i hope they get this problem sorted out!