Subscribe to Malware Help RSS Feed RSS Feed - Subscribe to Malware Help. Org on Twitter Follow on Twitter - Malware Help YouTube Channel YouTube Channel - Subscribe to Malware Help by Email Subscribe by Email

Vulnerabilities: First QuickTime bug of 2008

by Shanmuga| Tweet This | Google +1 | Facebook | Stumble It | Reddit | Digg |

mho0029-04-jan-08.jpg"Luigi Auriemma, a 27-year-old Italian researcher who broke the news of the flaw on Thursday, said that the most recent version of QuickTime is prone to a buffer overflow that, if successfully exploited, gives the attacker free rein over a user’s computer. He posted information and proof-of-concept code on security site, milw0rm, his own website and multiple mailing lists.

The problem, said Auriemma, is when QuickTime tries to open a Real-Time Streaming Protocol (RTSP) connection and the server has closed TCP Port 544. The player then automatically tries to open an HTTP connection on Port 80. An attacker can exploit the weakness by duping a user into visiting a malicious site that includes an rtsp:// link; when QuickTime fails to connect, it would automatically seek out an HTTP server on the same system. The attacker, of course, would have made sure that there was an HTTP server there and would have populated it with the exploit." – First QuickTime bug of 2008

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: