New QuickTime buffer vulnerability exposed
updated 11:30 am EST, Mon November 26, 2007
New QuickTime flaw exposed
A new vulnerability in the QuickTime media player has been exposed, says the computer security firm Secunia. The group has just issued a fresh advisory, which points out that a boundary error can be created when processing RTSP replies, simply by using an overly long "Content-Type" header. This in turn leads to a stack-based buffer overflow, which grants attackers the ability to launch arbitrary code. The vulnerability is only confirmed to work on QuickTime 7.3 at present, however, and requires victims to open a QTL file or visit a malicious website.
Secunia does caution that other versions of QuickTime may be exposed, and that the exploit is already out in public. Since Apple has yet to respond to the problem, QuickTime users are warned to avoid unfamiliar links and websites, and never open QTL files from untrusted sources.
Wow...
11/26, 12:06pm reply
this could be bad. Fix, apple?
W
VValdo
Dedicated MacNNer
Joined: May 2001
I should add...
11/26, 12:08pm reply
I think Leopard's library randomization may help... so actually Tiger users may be more vulnerable.
W
VValdo
Dedicated MacNNer
Joined: May 2001
Re: i should add
11/26, 12:18pm reply
actually, its probably more of a concern for windows users.
But leopard's library randomization has lot's of flaws in it that don't make it as helpful as it could be.
testudo
Fresh-Faced Recruit
Joined: Aug 2001
time again
11/26, 12:54pm reply
for the ignorant to panic.
People - this is nothing. And when SHOULDN'T Windows users be concerned, testicular? The fact they use Windows should be cause for normal people to be concerned for them.
Doofuses.
robttwo
Fresh-Faced Recruit
Joined: Nov 2005
Thanks for clearing that
11/27, 10:02pm reply
thanks for clearing that up robttwo with your insightful technical analysis.
W
VValdo
Dedicated MacNNer
Joined: May 2001