Quicktime vulnerability (again)

Started by Gary, Jan 11, 2008, 22:40:27

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Gary

Jan 11, 2008, 22:40:27
"A vulnerability in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when handling RTSP replies and can be exploited to cause a buffer overflow via e.g. sending a specially crafted reply containing an overly-long "Reason-Phrase".

Successful exploitation may allow execution of arbitrary code, but requires that the user is e.g. tricked into opening a malicious QTL file or visiting a malicious web site.

The vulnerability is reported in version 7.3.1.70. Other versions may also be affected" quoted from Secunia
Damned, if you do damned if you don't

Lance

#1
Jan 11, 2008, 22:57:11
I only updated my XP machine last weekend to the newest version. Argh!

Thanks for the heads up Gary. :)
Lance
_____

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

#2
Jan 11, 2008, 23:22:47 Last Edit: Jan 11, 2008, 23:27:39 by Killhippie
Sorry about the spelling :D but its a real pain just as you patch, a new hole appears :(
Damned, if you do damned if you don't

Lance

#3
Jan 11, 2008, 23:28:28
Quote from: Killhippie on Jan 11, 2008, 23:22:47
Sorry about the spelling :D

Took me a minute to realise where you meant, but as if by magic...
Lance
_____

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

#4
Jan 11, 2008, 23:34:28
Quote from: Lance on Jan 11, 2008, 23:28:28
Took me a minute to realise where you meant, but as if by magic...
Cheers Lance ;D
Damned, if you do damned if you don't
Print
Go Up Pages1
User actions