Windows QuickTime Zero-day Flaw Discovered
Windows QuickTime Zero-day Flaw Discovered
by , 9:40 AM EST, January 11th, 2008
A new security flaw in QuickTime 7.3.1 for Windows surfaced on Thursday that apparently lets an attacker take control of remote PCs. The vulnerability was discovered by Italian security researcher Luigi Auriemma who posted proof-of-concept code for the exploit on the Internet, according to InformationWeek.
The alleged flaw takes advantage of a buffer overflow bug that lets an attacker send malicious code when QuickTime attempts to access a Real-Time Streaming Protocol link and port 554 on the server is closed.
Symantec Security Response claimed that the flaw appears to be legit. The company's vice president of development, Alfred Huger, commented "The proof of concept code only managed to crash the product. But it's a safe assumption that if you can do that you may be able to execute remote code."
So far the flaw appears to impact only the Windows version of QuickTime, and to date there are no known instances of an actual attack based on the vulnerability. The likelihood that Windows users could see an actual attack based on Mr. Auriemma's sample code, however, is higher since he chose to publish his proof-of-concept before contacting Apple.
Observer Comments
Fri Jan 11, 2008 12:59 pm Subject: Although quite the bummer news...
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated July 6th
- Fri, 10:29 AM
- News - Apple Warns of Learning Interchange Security Breach
- 7:30 AM
- News - Happy Fourth of July!
- Thu, 6:07 PM
- TMO Scoop - Psystar Moves to Drop Bankruptcy Ahead of Apple Legal Battle
- 5:37 PM
- News - Uncomfirmed Reports Say Apple & Nvidia On The Outs
- 4:57 PM
- News - Microsoft Sick Over Barf Ad
- 4:09 PM
- Product News - KRK Ships R6 Passive Studio Monitor for Recording
- 3:45 PM
- John Martellaro's Blog - Particle Debris (week ending 7/2) Juiced, Joost and Goosed
- 3:12 PM
- Product News - ExactScan 2 Pro Released
- 1:56 PM
- Deal Brothers - Apple TV with 160GB Hard Drive: $324.00 Delivered
- 12:46 PM
- TMO Appearances - TMO Appearances Jeff Gamet Shares iPhone Apps on MacJury
- 10:41 AM
- Product News - Art Text 2.2 Adds New Templates, Layer Options [Updated]
- 10:04 AM
- Hot Forum Topic - Deciphering Mac Sales
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
OWC: Big Drives, High Performance - Not High Prices! SATA 3.5" up to 1.5TB. Notebook up to 500GB. FW up to 6.0TB. 1.0TB Drive Models from as low as $97.99 www.MacSales.com
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
RamJet Memory: MacBook and MacBook Pro 4GB kits for $57.99! Mac Pro 4GB Kits $99.99! iMac and Mac mini 4GB Kits for $57.99! 1TB SATA Hard Drives for $109.99! Click hereFor the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
