Vulnerabilities: First QuickTime bug of 2008
January 12, 2008 by Shanmuga
Filed under Vulnerabilities
"Luigi Auriemma, a 27-year-old Italian researcher who broke the news of the flaw on Thursday, said that the most recent version of QuickTime is prone to a buffer overflow that, if successfully exploited, gives the attacker free rein over a user’s computer. He posted information and proof-of-concept code on security site, milw0rm, his own website and multiple mailing lists.
The problem, said Auriemma, is when QuickTime tries to open a Real-Time Streaming Protocol (RTSP) connection and the server has closed TCP Port 544. The player then automatically tries to open an HTTP connection on Port 80. An attacker can exploit the weakness by duping a user into visiting a malicious site that includes an rtsp:// link; when QuickTime fails to connect, it would automatically seek out an HTTP server on the same system. The attacker, of course, would have made sure that there was an HTTP server there and would have populated it with the exploit." Techworld.com - First QuickTime bug of 2008
If you enjoyed this post, make sure you subscribe to my RSS feed!
Comments
Everyone has an Opinion...why don't you share yours and oh, if you want a pic to show with your comment, go get a gravatar! or you can even subscribe to our comments feed.