QuickTime RTSP Vulnerability Proof-of-concept Surfaces

A few days after a flaw was discovered in the QuickTime handling of the Real Time Streaming Protocol (RTSP), researchers have been able to craft a proof-of-concept exploit, according to Computerworld on Thursday.

"This particular exploit can cause remote code execution through the QuickTime RTSP protocol vulnerability on Microsoft Windows and Apple systems," Symantec said. "This is the first working exploit for Apple systems that we have observed."

The appearance of a proof-of-concept exploit at the site milw0rm.com has be characterized as a "tripwire" by Symantec. "Once we see something in Metasploit, we know itis likely weill see it used in attacks," Alfred Huger, vice president of engineering with Symantecis security response group said last summer.

The proof-of-concept works on Intel or PPC Macs running Tiger or Leopard with QuickTime 7.2 or 7.3 (It also affects Windows XP SP2.) Symantec explained how it might work along with some preventive measures.

Apple has not yet published a fix.