QuickTime critical vulnerability

Started by Gary, Nov 26, 2007, 18:10:34

Gary

Quote from Secunia "A vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing RTSP replies and can be exploited to cause a stack-based buffer overflow via a specially crafted RTSP reply containing an overly long "Content-Type" header.

Successful exploitation allows execution of arbitrary code and requires that the user is e.g. tricked into opening a malicious QTL file or visiting a malicious web site.

The vulnerability is confirmed in version 7.3. Other versions may also be affected.

NOTE: A working exploit is publicly available.

Solution:
Do not browse untrusted websites, follow untrusted links, nor open untrusted QTL files"
Damned, if you do damned if you don't
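
The boundary error described in the Secunia advisory, shown from the defensive side as an added example (not code from QuickTime, Secunia or this thread): a reader for the "Content-Type" header of an RTSP reply that checks the value's length against its fixed buffer before copying anything. The 128-byte limit `CT_MAX`, the function names and the sample reply are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define CT_MAX 128 /* assumed limit for this example, not from the advisory */
enum { CT_OK = 0, CT_MISSING = -1, CT_TOO_LONG = -2 };

/* Case-insensitive match of a header name at the start of a line. */
static int has_name(const char *line, size_t len, const char *name)
{
    size_t n = strlen(name);
    if (len < n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Copy the Content-Type value of an RTSP reply into out (outlen bytes).
 * The length is checked before any byte is copied, so an oversized value
 * is rejected instead of overrunning the destination buffer. */
int rtsp_content_type(const char *reply, char *out, size_t outlen)
{
    for (const char *line = reply; *line; ) {
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0) break;                  /* blank line ends the headers */
        if (has_name(line, len, "Content-Type:")) {
            const char *val = line + 13;      /* strlen("Content-Type:") */
            size_t vlen = len - 13;
            while (vlen && (*val == ' ' || *val == '\t')) { val++; vlen--; }
            if (vlen >= outlen) return CT_TOO_LONG; /* no room for value + NUL */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return CT_OK;
        }
        if (!eol) break;
        line = eol + 2;
    }
    return CT_MISSING;
}

/* Constructed sample reply with an n-byte Content-Type value (n <= 4000). */
int demo_ct_len(size_t n)
{
    char reply[4096] = "RTSP/1.0 200 OK\r\nCSeq: 1\r\ncontent-type: ";
    char out[CT_MAX];
    size_t h = strlen(reply);
    if (n > 4000) return CT_TOO_LONG;
    memset(reply + h, 'A', n);
    memcpy(reply + h + n, "\r\n\r\n", 5);
    return rtsp_content_type(reply, out, sizeof out);
}
```

Rejecting the reply outright, rather than truncating the value, keeps a malformed header from being processed any further.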

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

I know, and you said last time it updated, "what bugs will this version bring?"  :hide2:
Damned, if you do damned if you don't

Rik

Apple just don't seem to be able to get to grips. Ever since they updated the software for Vista, there seems to have been a rash of fixes. Not good.  >:(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

I agree, and now with an exploit in the wild that's bad news for us all. Hopefully they will patch it quickly; what with that and FF this week it's all go. Thing is, it's not great for the casual browser who has no idea that there is even a vulnerability or where to look to find out such information.  >:(
Damned, if you do damned if you don't

Rik

Indeed not, Gary - they need greater protection from the software houses.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Back to that dumb terminal, dare I say it. Software rather than the OS is more the target these days than ever before; even XP is better than it used to be, so hackers have got Vista, which is a tough cookie, and XP, and that's quite tight now, so it's the plugins, other programs and even the antivirus software itself they go for  >:(
Damned, if you do damned if you don't

Rik

Life was easier when you only got a virus if you put an unknown floppy in your machine.  :police:
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Rik on Nov 26, 2007, 18:31:21
Life was easier when you only got a virus if you put an unknown floppy in your machine.  :police:
Depends how drunk you were Rik *ahem* :evilb:
Damned, if you do damned if you don't

Lance

Thanks for the warning, Gary. I'm getting fed up with the constant Apple updates really, just wish they could sort their programs out!
Lance
_____

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

For now I have blocked all TCP and UDP activity for QuickTime 7.3 in my firewall to help mitigate the issue. Hope it's patched soon, it's a nasty vulnerability  :(
Damned, if you do damned if you don't