Chat

**ChatsUSA** · 01-02-2007, 07:50 PM

An easy-to-exploit security vulnerability in Apple Computer's QuickTime media player could put millions of Macintosh and Windows users at risk of code execution attacks. The QuickTime flaw kicked off the Month of Apple Bugs project, which promises to expose unpatched Mac OS X and Apple application vulnerabilities on a daily basis throughout the month of January.

According to an advisory released Jan. 1, the flaw exists in the way QuickTime handles a specially rigged "rtsp://" URL. "By supplying a specially crafted string, [an] attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition," said LMH, one of the mysterious hackers behind the controversial project. He described exploitation of the issue as "trivial" and warned that stack NX can also be rendered useless.

View: The full story

News source: eWeek

Read full story...

More...

01-02-2007, 07:50 PM	#1 (permalink)

ChatsUSA Management Posts: 11,609 Join Date: Feb 2005 Age: 4	Apple Vulnerability Project Launches with QuickTime Exploit An easy-to-exploit security vulnerability in Apple Computer's QuickTime media player could put millions of Macintosh and Windows users at risk of code execution attacks. The QuickTime flaw kicked off the Month of Apple Bugs project, which promises to expose unpatched Mac OS X and Apple application vulnerabilities on a daily basis throughout the month of January. According to an advisory released Jan. 1, the flaw exists in the way QuickTime handles a specially rigged "rtsp://" URL. "By supplying a specially crafted string, [an] attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition," said LMH, one of the mysterious hackers behind the controversial project. He described exploitation of the issue as "trivial" and warned that stack NX can also be rendered useless. View: The full story News source: eWeek Read full story... More...

Chat

Arcade

Blogs

Albums

Support