Symantec: QuickTime Flaw Poses Security Threat

The security and virus protection software company Symantec is warning that Appleis QuickTime Player application may be open to malicious attacks. According to the company, both QuickTime 7.2 and QuickTime 7.3 are vulnerable to attacks that could lead to denial of service conditions or the execution of unauthorized code on the useris PC.

Symantec claims the threat stems from the way QuickTime Player handles RTSP Response headers. A specially-crafted header could create a buffer overflow because QuickTime apparently does not properly bounds-check incoming data.

The company did not state if this is a Windows-only problem, or if Mac OS X users are at risk, too. Since an attacker could use this flaw to remotely install applications without user consent, however, this is most likely a bigger threat to Windows users because Microsoftis operating systems are routinely the targets of malware and spyware attacks.