Vuln. Alert: QuickTime/iTunes Zero-Day BOF/RCE

Ehtyar:
Amazing that these things can still happen. The exploit uses an atypically long string to cause the application to crash (please note the use of "denial of service" in the second link) and potentially allow arbitrary remote code execution on the affected machine.




A hacker has released attack code that exploits an unpatched vulnerability in Apple Inc.'s QuickTime, just a week after the company updated the media player to plug nine other serious vulnerabilities, a security researcher said Wednesday.

The exploit, which was published on the milw0rm.com site Tuesday, takes advantage of a flaw in the "<? quicktime type= ?>" parameter in QuickTime, which is not prepared to handle excessively-long strings, said Aaron Adams, a researcher with Symantec Corp.'s DeepSight threat notification network.

--- End quote ---

Full Story
Full Story 2

Ehtyar.