New QuickTime Vulnerability puts XP and Vista at Risk

Windows Security : New QuickTime Vulnerability puts XP and Vista at Risk

Posted by Max on 2007/11/27 12:31:52 (1297 reads)

New warnings have been issued recently by security researchers on an attack code aimed at what seems to be an unpatched bug in Apple Inc.'s QuickTime. In-the-wild attacks against systems running Windows XP and Vista are expected to follow. No precise statement about Mac OS X versions of the media player being liable to the same extent, was, however, made.

Both Symantec Corp. and the U.S. Computer Emergency Readiness Team emphasize that the danger lies in visiting malicious and fraudulent Web sites where this flaw (which comes with the player's handling of the Real Time Streaming Protocol -RTSP) becomes the target of the attackers due to expressly-crafted streaming content located within these sites. The flaw can also be exploited when opening a rigged QTL file attached to an e-mail message.

Symantec acknowledges Polish researcher Krystian Kloskowski as being the first to report the zero-day vulnerability on the milw0rm.com Web site Friday. Together with an anonymous researcher (InTeL), Kloskowski set about figuring out the problem – they came up with separate proof-of-concept models that performed on Windows XP SP2 and Windows Vista machines running QuickTime 7.2 or 7.3.

According to InTeL, Vista is more exposed to risk because QuickTimePlayer binary does not have Address Space Layout Randomization (ASLR) enabled. The latter represents a feature which designates at random data and application components, such as exe and dll files, to memory in order to make it much more difficult for the location of vital functions or vulnerable code to be traced.

Patrick Jungles, a Symantec researcher, reminded of previous QuickTime vulnerabilities and drew attention on the risk that some applications face due to their popularity.

QuickTime was last patched about three weeks ago, when Apple put out Version 7.3 to secure numerous critical image-rendering and Java-related vulnerabilities. A total of 31 flaws have been fixed this year alone through six QuickTime security-related updates.

Previous article - Next article

Other articles
2009/11/3 14:55:39 - BitDefender Top Ten Malware Threats for October 09
2009/11/3 14:29:38 - Nov. 09 Microsoft Security Intelligence Report
2009/10/7 15:19:17 - StopSign AntiVirus and Anti-Malware is Windows 7 Compatible
2009/10/7 15:11:26 - New Outlook Backup and Migration Software By Disk Doctors
2009/9/30 4:20:57 - Microsoft Security Essentials, FREE Security Tool Just Released
2009/9/28 14:31:52 - New Rogue Antispyware Cloaked To Infects Computers
2009/9/9 4:31:49 - Trend Micro Proves Leadership in URL Filtering and Web Security
2009/9/9 4:16:20 - New Free Tool to Clean Conficker Once and For All
2009/9/1 8:37:11 - Kaspersky Internet Security 2010 and Kaspersky Anti-Virus 2010 Out Now
2009/9/1 7:54:50 - NEW P2P Advertising Network Protects Users Against Lawsuits And Identity Theft

The comments are owned by the poster. We aren't responsible for their content.

Poster	Thread
janusz81	Posted: 2009/1/4 21:13 Updated: 2009/1/4 21:13
Just popping in Joined: 2009/1/4 From: Posts: 1	Re: New QuickTime Vulnerability puts XP and Vista at Risk free download hey ram jagjit singh, nude gallery peta, ali kat hairy pics, foto 9 artis porno, sexual tease video, hentai dbz gohan petit, male preteen nudist, teen under 16 years free porn, adult comics bdsm rapidshare, gambar stoking sexy