QuickTime flaw could open Windows PCs to hackers

Firefox users most vulnerable; Internet Explorer users should be wary too.

Polish security researcher Krystian Kloskowski has published a proof-of-concept exploit for a vulnerability in Apple's QuickTime media player. The exploit, which makes use of a vulnerability in the way the RTSP-protocol is handled by QuickTime, could give hackers access to PCs that run Windows XP or Vista.

Researchers at Symantec, who published a detailed investigation into the exploit, say there are two ways for users to be affected: either by opening a malicious attachment in an email, or by browsing to a website that has a malicious QuickTime streaming object embedded into it. In the latter case, Symantec reports that the current exploit only affects Firefox users that have set QuickTime as their default multimedia player. However, it is very well possible for the exploit to be refined in the next few days, so that it might affect those browsing with Internet Explorer as well.

Until a patch has been released, system administrators are advised to close TCP 554 for outbound connections.

27 November 2007

Tags: quicktime, rtsp, symantec, vulnerability, windows. del.icio.us digg this

Fighting malware and spam

QuickTime flaw could open Windows PCs to hackers

December issue of VB published

Worm targets MS08-067 vulnerability

Microsoft to replace OneCare with free AV product

ICANN pulls plug on registrar favoured by cyber crooks

Disconnection of dubious provider sees spam levels plummet

Calendar of Events

Polls

Poll

VB2009