
Quicktime Vulnerability


1 reply to this topic

#1 frankp316

frankp316

  • Members
  • 2,677 posts

Posted 26 November 2007 - 01:18 PM

The US-CERT website has posted news of a security vulnerability in Quicktime. There's no solution yet so be careful with your iTunes.




http://www.kb.cert.org/vuls/id/659761



#2 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia

Posted 27 November 2007 - 11:53 AM

^ Thanks for sharing ... Blog post with additional links below:

Quicktime and possibly iTunes processing could be affected by malformed RTSP headers found in QT music formats. Users should be careful with email attachments and website visitation, plus watch for any forthcoming QT updates, as Apple will most likely patch this serious vulnerability promptly.

Apple QuickTime and iTunes Critical Vulnerabilities
http://secunia.com/advisories/27755/
http://isc.sans.org/diary.html?storyid=3690
http://www.frsirt.com/english/advisories/2007/3984
http://www.kb.cert.org/vuls/id/659761
http://www.f-secure.com/weblog/archives/00001325.html

QUOTE: Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header. This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream. Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability.

ISC UPDATE-1: We have received a report that exploits are now working for Vista, XP, IE6, IE7, and Safari 3.0 on Windows. Keep in mind that other attack vectors may be vulnerable as well.

ISC UPDATE-2: Firefox has been reported as an exploit vector as well.
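
Added example, not part of the thread or of any advisory linked above: a defender-side check that parses RTSP responses and flags an anomalous `Content-Type` header, the field named in the quoted advisory. The 256-byte limit, the function names and the sample messages are assumptions constructed for illustration.

```python
import re

# Assumed policy threshold: real media types are short. The page gives no
# length, so 256 bytes is a value chosen for this example.
MAX_CONTENT_TYPE_LEN = 256
STATUS_LINE = re.compile(rb"^RTSP/\d\.\d \d{3}")

def parse_rtsp_headers(message: bytes) -> list[tuple[bytes, bytes]]:
    """Return (lowercased name, value) pairs from one RTSP message's header block."""
    head = message.split(b"\r\n\r\n", 1)[0]
    headers = []
    for line in head.split(b"\r\n")[1:]:            # skip the status line
        if line[:1] in (b" ", b"\t") and headers:   # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + b" " + line.strip())
            continue
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers

def suspicious_content_type(message: bytes, limit: int = MAX_CONTENT_TYPE_LEN) -> list[str]:
    """List the reasons an RTSP response's Content-Type header looks anomalous."""
    if not STATUS_LINE.match(message):
        return []                                   # not an RTSP response
    reasons = []
    values = [v for n, v in parse_rtsp_headers(message) if n == b"content-type"]
    if len(values) > 1:
        reasons.append("duplicate Content-Type headers")
    for v in values:
        if len(v) > limit:
            reasons.append(f"Content-Type is {len(v)} bytes (limit {limit})")
        if any(byte < 0x20 or byte > 0x7E for byte in v):
            reasons.append("Content-Type contains non-printable bytes")
    return reasons

# Constructed sample responses (not captured traffic).
BENIGN = (b"RTSP/1.0 200 OK\r\nCSeq: 2\r\nContent-Type: application/sdp\r\n"
          b"Content-Length: 0\r\n\r\n")
OVERSIZED = (b"RTSP/1.0 200 OK\r\nCSeq: 2\r\nContent-Type: " + b"A" * 4000 +
             b"\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, msg in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, suspicious_content_type(msg))
```
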



