Latest QuickTime bug leaves XP, Vista vulnerable

Latest QuickTime bug leaves XP, Vista vulnerable

Summary: Security researchers say that a new QuickTime flaw has gone public and leaves XP and Vista vulnerable to attack.According to Secunia, the latest QuickTime bug "can be exploited by malicious people to compromise a user's system.

SHARE:

Security researchers say that a new QuickTime flaw has gone public and leaves XP and Vista vulnerable to attack.

According to Secunia, the latest QuickTime bug "can be exploited by malicious people to compromise a user's system." A working exploit is public and the vulnerability has been confirmed for version 7.3. Secunia calls the bug "extremely critical."

Based on the original report from "h07," Apple apparently didn't enable a security feature. Here's h07's tale:

[*] On Vista the QuickTimePlayer and the .gtx modules dont have ASLR enabled, NO RANDOMIZATION :) [*]All the 7.3 and 7.2 DLL modules are SafeSEH enabled, except for the .gtx modules, that is how u bypass the SEH Restrictions in XP and in Vista!! so we use Addys from there. [*]There are ALOT of filtered characters so choose your shellcode wisely or you will run into Access Violations Since I didnt feel like wasting my time going through all the filtered Characters, go through it yourself. - Here are some \x4b, \x59, \x79 [*]I did hit my shellcode but b/c i havent gone through all the filtered characters i got an Access Violation in the shellcode [*]Can be easily modified to keep accepting clients with a lil modding, do it yourself u noobs

[***]Here is an example of how to embed a streaming the quicktime redirection to the RTSP exploit. http://quicktime.tc.columbia.edu/users/iml/movies/mtest.html cough use w/ an iframe cough

The U.S. computer emergency readiness team has more in plain old English. Key excerpts:

Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header. This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream. Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability.

By convincing a user to connect to a specially crafted RTSP stream, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. An attacker can use various types of web page content, including a QuickTime Media Link file, to cause a user to load an RTSP stream.

We are currently unaware of a practical solution to this problem. Please consider the following workarounds. Note that these workarounds will not address the vulnerability, but they may help block certain attack vectors for the vulnerability.

Also see Computerworld.

Ryan is on vacation.

Topics: Windows, Hardware, Microsoft, Mobility, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

141 comments
Log in or register to join the discussion
  • It's time to boicott QuickTime libraries due too many security flaws!

    It's time to boicott QuickTime libraries due too many security flaws!
    Bye Bye QuickTime
    qmlscycrajg
    • Thats strange .

      I find it strange that all these issues are affecting the Windows platform and not the
      Mac platform . I read about this issue at computerworld.com on Friday and ran
      into this other issue that Microsoft has been dragging their feet on for quite
      sometime .

      "Microsoft confirms that XP contains random number generator bug."
      http://www.computerworld.com/action/article.do?
      command=viewArticleBasic&articleId=9048438&intsrc=hm_list
      <BR>
      <BR>
      It is just amazing to me that a company which has the resources Microsoft has
      would use a flawed random number generating algorithm when it could have easily
      bought a mature, field-tested, really secure version for use in its products. An
      intruder should not be able to predict the output of a decent random number
      generator - even if he has been given the exact details of the algorithm being used.
      <BR>
      <BR>
      Im betting APPLE will have their fix out the door before Microsoft
      Intellihence
      • XP?

        Why are you ranting about XP when its 6 years old. Shall we rant about Apple OS 9?

        Hmmm, Apple seems to be the only ones that can't secure their media player on Windows. Guess they need lessons from MS.
        No_Ax_to_Grind
        • OS X and XP are on par with age .

          To even bring OS 9 into this is retarded on your part . Funny how many third party
          apps can't code properly for Windows . Can you say URI !!! Microsoft still hasn't fixed
          it . Why is Microsoft dragging it's feet on this ?
          Intellihence
          • hey leopard what part of it's appel software do you not understand

            hey leopard what part of it's appel software do you not understand. anyone with half a brain would not use any apple software on there pc.

            you really need to play with all the bugs in leopard. Microsoft has a hard time keeping it's os updated with out fixing apples crappy software.

            like i said no one ii know uses quick time theres a way to use your ipod if you must have one with out using itunes and quick time. just search it out on google.

            when leopard came out full of bugs it was 3rd party hacks and non-compatible software. you guys can't have it both ways.

            OSX is only safe because it's locked to a system with such a small footprint in the computing world.

            and it's locked to apple pc's. take that same os and let everyone install it on what ever they wanted and it would have as many problems as windows.

            i would bet it would have a lot more why because apple can't code anything that just works unless it is on there hardware. then apple would be just like windows it would have the incompatibility issues and it would be attacked just like windows.

            because it would have a user base big enough to make it worth the crackers wild to write virus' worms and other nasties for it.
            SO.CAL Guy
          • Leopard has been fixed already , can you say the same for vista .

            Vista has been out for over a year , and yet no service pack . Leopard has been out
            for a month and the updates already fixed the issues . What are you babbling about
            now ?
            If anything you should do your homework and realize that Microsoft has not yet
            fixed it's URI handler problem , to make matters worse , Microsoft's random
            number generator is serious flawed . Even a hacker could guess the output of the
            generator easily ,,,

            "Microsoft confirms that XP contains random number generator bug"

            http://www.computerworld.com/action/article.do?
            command=viewArticleBasic&articleId=9048438&intsrc=hm_list

            So Microsoft finally admitted to that flaw the way they finally admitted the URI flaw
            , but no , you MS shills and zealots claimed it was Firefox's fault , no it's Safari's
            fault , it is the fault of every 3rd party developers . According to you folks it was
            never Microsoft's fault , guess what , Microsoft dropped the ball and admitted it's
            their fault . Do yourself and everyone else here a favor , and stop foaming at the
            mouth , you are making all Microsoft users look really BAD with your ignorance and
            personal attacks .
            Intellihence
          • Retarded?

            [b]Why is Microsoft dragging it's feet on this ?[/b]

            To give you something to whine about? That is my guess.
            Duke E. Love
          • My guess is that Microsoft

            is introducing these bugs into XP so people will have a reason to move on to Vista . To
            be honest with you , like so many before me have stated , there is absolutely no
            compelling reason to move on to Vista . Fact , many are waiting for Windows 7 ,,,
            Intellihence
          • Carl you can't be serious , are you ?

            Why would apple bite the hand that is feeding it ? Quicktime & iTunes = iPod , iPhone
            , iTouch . Apple is making most of it's money off of Windows users , after all they have
            the highest market share . APPLE users really aren't bringing in the bread and butter
            like Windows users .
            Intellihence
          • FUD FUD FUD FUD FUD FUD FUD!!!

            Its' F.U.D. like that which causes bad things to be said about Vista and Microsoft in general.

            1) Document your PROOF that Microsoft is <U>intentionally</U> INTRODUCING vaulnerablities into it's OWN Operating System.

            2) If you CAN'T document it, PUBLICALLY admit to your slanderous remarks about Microsoft in this SAME forum.

            Personally, if I were a Microsoft attorney, I would immediately institute Slander proceedings against you in a court of Law, sir.

            Since I am not, there is not much I can do except respond like this, in a public forum.

            Now, if you were just blowing **** out of your hiney, and weren't actually serious about your slanderous remarks, a simple public apology to Microsoft will suffice.

            I would also advise you to apologize to ZDNet for using their public forum to spread slanderous "F.U.D" about Microsoft. They too, could be culpable for allowing you to publish your slander. I'm sure they want to stay on the good side of Microsoft.

            In case you don't understand common English, "F.U.D" is an acronynm for "Fear, Uncertainty, and Doubt". In other words, "idiotic rumour-mongering".

            However, the line between "idiotic rumour-mongering" and intentionally spreading lies for the purpose of causing harm to Microsoft's (or anyone's) business is subject to Federal and State Law.

            You, sir, seem to have crossed that line. Not only did you make a "conjecture" about Microsoft engaging in criminal behavior (a "conjecture" is, of course,a 1st Amendment Right), WITHOUT supporting your argument, you went FURTHER, and used your conjecture as a basis for attempting to predujice others from using Microsoft Vista. This is NOT within your right of Free Speech, in my opinion. Of course, I am not a Supreme Court Judge (or any other kind of judge). My words are my own. But I do not believe I am an ignorant man when it comes to Right and Wrong.


            Donald L McDaniel
            zarathustra2010
          • Microsoft is intentionally INTRODUCING vaulnerablities

            The proof is in the pudding.

            NO ONE could possibly accidently introduce
            THAT may bugs, so obviously some of them, at
            least, must have crept in intentionally.

            Come on fans, NOBODY has accidents ALL the
            time. After while it ceases to be
            accidental, so it's GOT to be something
            else.
            Ole Man
          • That xplain the vulnerabilities

            in OSX Tiger, then

            My guess is that Apple had introduced these bugs into Tiger so people will have a reason to move on to Leopard. Though the fact is, many people are waiting and not upgrading to it just yet.
            GuidingLight
          • While they aren't vulnerabilities...

            Microsoft has intentionally introduced incompatibilities into their code - google on Microsoft VS Digital Research DOS - it happened when they released Windows 3.1

            Every once in a while, I'll hear someone say "If Microsoft's OS is so bad, why doesn't someone else make a better one?" And to that, I answer - THEY WON'T LET THEM. DR Dos WAS a superior OS. Microsoft knew this, and it bothered them so much that they intentionally introduced incompatibilities into their code.

            Have all the Microsoft lawyers you want sue me for telling the truth. Bring it.

            -Mike
            SpikeyMike
        • Be careful what you ask for...

          >"Apple seems to be the only ones that can't secure their media player on Windows. Guess they need lessons from MS"

          In the order they fell out of Google:

          1. http://support.microsoft.com/kb/320920 "Microsoft has released an update for Windows Media Player that includes the functionality of all of the previously released patches for Windows Media Player 6.4, 7.1, and Windows Media Player for Windows XP."
          2. http://www.us-cert.gov/cas/techalerts/TA06-045A.html "Microsoft Security Bulletins for February 2006 address vulnerabilities in Microsoft Windows, Windows Media Player, and Internet Explorer."
          3. http://www.microsoft.com/technet/security/Bulletin/MS06-005.mspx "Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
          4. http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx "Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)


          I could go on...there are probably lots of duplicates...plug ""windows media player" vulnerable "microsoft.com"" into Googles advanced search and you will find "about 17,500 hits" for it.

          So, Leopard is repetitive. So are you.
          Cardinal_Bill
          • Oh yeah...

            Before you start in on how old the articles are...restrict it to the articles in the last 90 days and you'll find "about 283".
            Cardinal_Bill
        • thats cuz os 9 blows

          deal with it.

          its about computing POWER... not pretty looks. (all in ones are not powerful enough anyways for the l33t)


          laaawwwwwwwlllllllllll
          pcguy777
      • APPLE

        "Im betting APPLE will have their fix out the door before Microsoft"
        Well DUH! [b]They are the IDIOTS that wrote the bad code in the first place![/b]
        justanitguy
        • Message has been deleted.

          Intellihence
          • Wow, nice job of passing the buck

            [i]Why is this affecting Windows only and not Macintoshes.[/i]

            Last I checked this was a Quicktime bug. It's not listed as a Windows bug. Yet here you are blaming MS for the bug. Now that is devotion.

            "Beyond the login screen, a Leopard is stuck"

            http://www.tomsguide.com/us/2007/11/22/more_leopard_problems_plague_apple/
            Badgered
          • My Leopard was never stuck at the login , if anything it has been fixed .

            When will Microsoft fix it's URI handling problem and now it's random number
            generator . These are very serious flaws and Microsoft is still dragging their feet , in
            the hopes that the masses will buy Vista .


            snicker , snort , smirk
            Intellihence