Trilight Zone Forum Index Trilight Zone
Privacy & Anonymity is our speciality !
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Severe QuickTime bug exposed

 
Post new topic   Reply to topic    Trilight Zone Forum Index -> Other OS
Author Message
tricore
Guest
PostPosted: Wed Jan 03, 2007 4:56 am    Post subject: Severe QuickTime bug exposed Reply with quote
Apple's QuickTime software has a highly serious bug that could leave Windows and Mac users open to attacks by malicious websites, according to a project aimed at disclosing Apple bugs throughout January.


The QuickTime flaw launches the Month of Apple Bugs (MOAB), which follows on from efforts such as the Month of Kernel Bugs and the Month of Browser Bugs. The bug was discovered by LMH, a MOAB organiser who hasn't disclosed his name.

The flaw affects any Windows or Mac OS X bug with QuickTime Player version 7.1.3 installed; previous versions are also probably vulnerable. The problem lies in the way QuickTime handles addresses beginning with "rtsp://", and can be exploited to create a stack-based buffer overflow using HTML, Javascript or a QTL file, LMH wrote.

The attack can execute malicious code and take over a system. "Exploitation of this issue is trivial," LMH wrote. He supplied a working exploit, which makes the problem all the more dangerous.

The problem hasn't been patched yet. Possible workarounds include uninstalling QuickTime and disabling the rtsp:// handler.

Secunia and FrSIRT both agreed the bug poses an immediate threat.
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Trilight Zone Forum Index -> Other OS All times are GMT
Page 1 of 1

 


Powered by phpBB © 2001, 2005 phpBB Group