Windows QuickTime Zero-day Flaw Discovered
Windows QuickTime Zero-day Flaw Discovered
by , 9:40 AM EST, January 11th, 2008
A new security flaw in QuickTime 7.3.1 for Windows surfaced on Thursday that apparently lets an attacker take control of remote PCs. The vulnerability was discovered by Italian security researcher Luigi Auriemma who posted proof-of-concept code for the exploit on the Internet, according to InformationWeek.
The alleged flaw takes advantage of a buffer overflow bug that lets an attacker send malicious code when QuickTime attempts to access a Real-Time Streaming Protocol link and port 554 on the server is closed.
Symantec Security Response claimed that the flaw appears to be legit. The company's vice president of development, Alfred Huger, commented "The proof of concept code only managed to crash the product. But it's a safe assumption that if you can do that you may be able to execute remote code."
So far the flaw appears to impact only the Windows version of QuickTime, and to date there are no known instances of an actual attack based on the vulnerability. The likelihood that Windows users could see an actual attack based on Mr. Auriemma's sample code, however, is higher since he chose to publish his proof-of-concept before contacting Apple.
Observer Comments
Fri Jan 11, 2008 12:59 pm Subject: Although quite the bummer news...
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated November 9th
- Mon, 8:49 AM
- News - ikee Worm Rickrolls Jailbroken iPhones
- 8:14 AM
- Product News - Client Folder Maker 3.5 Adds Snow Leopard Support
- Sun, 11:59 AM
- Mac Geek Gab Podcast - MGG 226: Magic Mouse, Apple Battery Secrets, Q&A
- Sat, 7:58 PM
- News - Apple TV 3.0.1 Update Fixes Missing Content Bug
- Fri, 7:45 PM
- Rumor - Taiwan Leak Shows Verizon UTMS/CDMA iPhone for Q3 2010
- 6:40 PM
- News - iPhone Moves Into RadioShack
- 6:30 PM
- News - Apple to Open Stunning Paris Apple Store in Le Louvre on Saturday
- 5:43 PM
- Free on iTunes - Dictionary, Dictionary, Dictionary, And More
- 4:09 PM
- John Martellaro's Blog - Particle Debris (week ending 11/6) Failure IS an Option
- 3:32 PM
- Games - The Latest App Store Games: Gravity Sling, RocketBird, Ground Effect, Checkers!
- 2:25 PM
- Games - Star Soccer 2010 for Mac Puts Gamers in Role of Up-and-Coming Player
- 2:15 PM
- How-To - The Mysteries of Rosetta Housekeeping
The Mac Observer Reader Specials
- TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
RamJet Memory: Mac Pro 8-core 8GB Kit $199.99, 4GB Kits $109.99! Sale on MacBook and MacBook Pro 8GB kits $549.99! New MacBook DDR3 2GB for $49.99. iMac and Mac mini 4GB Kits for $79.99! 1TB SATA Hard Drives for $109.99! Click here
OWC: Get the Right Memory / Ram for your Mac. Top Quality, Competitive Prices, Lifetime Warranty. Expert Support and Video Installation Guidies too! 4.0GB Matched Sets from $87.99, Options up to 32GB. Click here
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
