1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

New Zero-Day QuickTime Vulnerability Emerges

Discussion in 'News' started by malware, Nov 27, 2007.

  1. malware New Member

    Nov 7, 2004
    5,422 (1.18/day)
    Thanks Received:
    Apple updated QuickTime to version 7.3 recently to address a much-exploited bug, but a new QuickTime vulnerability has emerged, prompting security agencies to issue warnings to those running QuickTime on either Windows XP or Windows Vista. There is no word yet on whether Mac OS X is vulnerable to the new QuickTime bug. Apple's QuickTime is vulnerable to malware disguised as streaming video, and attack code has been published on the milw0rm.com web site. According to the U.S. Computer Emergency Readiness Team, QuickTime versions 7.2 and 7.3, and perhaps earlier versions, contain a buffer-overflow bug. "Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header," US-CERT said. "This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream." RTSP is the Real-Time Streaming Protocol, which QuickTime supports. When users click on a link for a malicious RTSP stream, an attacker might be able to execute arbitrary code on the compromised system. Solutions of limiting this vulnerability until a new patch is released, can be found here.

    Source: NewsFactor Network
    10 Year Member at TPU
  2. F-22 New Member

    Nov 9, 2007
    103 (0.03/day)
    Thanks Received:
  3. WhiteLotus


    Jul 30, 2007
    6,560 (1.81/day)
    Thanks Received:
    F-22, do you really hate Macs that much?
    this has nothing to do with Macs, its a Quicktime problem - and although i don't use it i hope they get this problem sorted out!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)