
Quicktime Vulnerability


#1 frankp316



Posted 26 November 2007 - 01:18 PM

The US-CERT website has posted news of a security vulnerability in Quicktime. There's no solution yet so be careful with your iTunes.




#2 harrywaldron


    Security Reporter


Posted 27 November 2007 - 11:53 AM

^ Thanks for sharing ... Blog post with additional links below:

Quicktime and possibly iTunes processing could be affected by malformed RTSP headers found in QT music formats. Users should be careful with email attachments and website visitation, plus watch for any forthcoming QT updates, as Apple will most likely patch this serious vulnerability promptly.

Apple QuickTime and iTunes Critical Vulnerabilities

QUOTE: Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header. This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream. Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability.

ISC UPDATE-1: We have received a report that exploits are now working for Vista, XP, IE6, IE7, and Safari 3.0 on Windows. Keep in mind that other attack vectors may be vulnerable as well.

ISC UPDATE-2: Firefox has been reported as an exploit vector as well.
