
PCPro-Computing in the Real World Printed from www.pcpro.co.uk


Security hole found in QuickTime

Posted on 27 Nov 2007 at 09:27

A security researcher has discovered an "extremely critical" flaw in QuickTime for Windows XP.

QuickTime 7.3's handling of the Real Time Streaming Protocol (RTSP) can be exploited to compromise a user's system, says Krystian Kloskowski, who has developed, but not published, an exploit.

The vulnerability is caused by a boundary error when processing RTSP replies, which can be exploited to cause a stack-based buffer overflow, explains security firm Secunia.

Successful exploitation allows execution of arbitrary code, though execution requires that the user is persuaded or tricked into opening a malicious QTL file or visiting a malicious website.

Kloskowski discovered the flaw in QuickTime Player 7.3 running on Windows XP SP2, but further investigation by Symantec reveals that the vulnerability is restricted to specific browsers, most notably Firefox; with Internet Explorer 6/7 and Safari 3 Beta, the attack is prevented.

The US Computer Emergency Readiness Team (US-CERT) has published a number of workarounds that may help to prevent exploitation, though they may hamper normal computer usage.

Until Apple releases a fix, users are best advised to follow Secunia's advice and standard good practice: do not browse untrusted websites, follow untrusted links or open untrusted QTL files.

Author: Simon Aughton
