Latest QuickTime bug leaves XP, Vista vulnerable

Security researchers say that a new QuickTime flaw has gone public and leaves XP and Vista vulnerable to attack.

According to Secunia, the latest QuickTime bug "can be exploited by malicious people to compromise a user's system." A working exploit is public and the vulnerability has been confirmed for version 7.3. Secunia calls the bug "extremely critical."

Based on the original report from "h07," Apple apparently didn't build the player and its components with the exploit mitigations Windows offers: on Vista the QuickTime player and its .qtx modules load without ASLR, and the .qtx modules are the only modules not compiled with SafeSEH, which gives an attacker fixed addresses to return into. Here's h07's tale:

[*] On Vista the QuickTimePlayer and the .qtx modules don't have ASLR enabled, NO RANDOMIZATION :)
[*] All the 7.3 and 7.2 DLL modules are SafeSEH enabled, except for the .qtx modules, that is how you bypass the SEH restrictions in XP and in Vista!! So we use addys from there.
[*] There are A LOT of filtered characters, so choose your shellcode wisely or you will run into access violations. Since I didn't feel like wasting my time going through all the filtered characters, go through it yourself. Here are some: \x4b, \x59, \x79
[*] I did hit my shellcode, but b/c I haven't gone through all the filtered characters I got an access violation in the shellcode.
[*] Can be easily modified to keep accepting clients with a lil modding, do it yourself, you noobs.

[***] Here is an example of how to embed a streaming QuickTime redirection to the RTSP exploit: http://quicktime.tc.columbia.edu/users/iml/movies/mtest.html (cough, use w/ an iframe, cough).

US-CERT (the U.S. Computer Emergency Readiness Team) has more in plain English. Key excerpts:

Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header. This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream. Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability.

By convincing a user to connect to a specially crafted RTSP stream, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. An attacker can use various types of web page content, including a QuickTime Media Link file, to cause a user to load an RTSP stream.

We are currently unaware of a practical solution to this problem. Please consider the following workarounds. Note that these workarounds will not address the vulnerability, but they may help block certain attack vectors for the vulnerability.
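US-CERT's description is the whole bug class in one sentence: a fixed-size stack buffer receiving a header whose length the remote server controls. The following C program is an added illustration written for this page, not QuickTime's parser and not code from US-CERT or h07. It shows a DESCRIBE-response handler that copies the Content-Type value into a 64-byte stack buffer with no bound, beside the hardened form that refuses over-long values instead of truncating or overflowing. The response format, the function names, and the sample responses are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Return a pointer to the value of header `name` in a CRLF-delimited RTSP response and its
 * length in *vlen; NULL if the header is absent. Header names compare case-insensitively. */
static const char *find_header_value(const char *resp, const char *name, size_t *vlen)
{
    size_t nlen = strlen(name);
    for (const char *line = resp; line && *line; ) {
        const char *eol = strstr(line, "\r\n");
        size_t ll = eol ? (size_t)(eol - line) : strlen(line);
        if (ll > nlen && strncasecmp(line, name, nlen) == 0 && line[nlen] == ':') {
            const char *v = line + nlen + 1;
            while (v < line + ll && *v == ' ') v++;     /* skip optional whitespace after ':' */
            *vlen = (size_t)(line + ll - v);
            return v;
        }
        line = eol ? eol + 2 : NULL;
    }
    return NULL;
}

/* VULNERABLE pattern (constructed illustration, not QuickTime's code): the header value is
 * copied into a fixed 64-byte stack buffer with no bound. A server that sends a longer
 * Content-Type overwrites the saved return address and, on x86 Windows, the SEH chain that
 * sits above it, which is the path h07's exploit takes. Never call this on untrusted input. */
int content_type_is_sdp_vulnerable(const char *resp)
{
    char buf[64];
    size_t n;
    const char *v = find_header_value(resp, "Content-Type", &n);
    if (!v) return -1;
    memcpy(buf, v, n);                 /* BUG: n is chosen by the remote server */
    buf[n] = '\0';
    return strcmp(buf, "application/sdp") == 0;
}

/* Hardened form: bound the copy and reject anything that does not fit. Returns 1 for SDP,
 * 0 for another type, -1 if the header is missing, -2 if it is over-long. */
int content_type_is_sdp_hardened(const char *resp)
{
    char buf[64];
    size_t n;
    const char *v = find_header_value(resp, "Content-Type", &n);
    if (!v) return -1;
    if (n >= sizeof buf) return -2;    /* over-long header: refuse the stream, do not truncate */
    memcpy(buf, v, n);
    buf[n] = '\0';
    return strcmp(buf, "application/sdp") == 0;
}

/* Constructed RTSP DESCRIBE response carrying the given Content-Type (static buffer). */
const char *make_describe_response(const char *ctype)
{
    static char resp[1024];
    snprintf(resp, sizeof resp,
             "RTSP/1.0 200 OK\r\nCSeq: 2\r\nContent-Type: %s\r\nContent-Length: 0\r\n\r\n", ctype);
    return resp;
}

/* Constructed malicious response: a Content-Type of `len` repeated 'A' bytes. */
const char *make_oversized_response(size_t len)
{
    static char ctype[600];
    if (len >= sizeof ctype) len = sizeof ctype - 1;
    memset(ctype, 'A', len);
    ctype[len] = '\0';
    return make_describe_response(ctype);
}
```

Both functions agree on well-formed input; only the hardened one survives a 200-byte Content-Type. The same bound check belongs on every header a stream parser copies (Session, Transport, Content-Base and so on), since the server controls all of them.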

Also see Computerworld.

Ryan is on vacation.

Topics: Windows, Hardware, Microsoft, Mobility, Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
