Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
QuickTime exploited by media-handling flaw
Published: 2007-11-26

A Polish researcher published on Friday exploit code for a previously unknown vulnerability in Apple's QuickTime media player, which can be triggered by a call to a real-time streaming server.

The flaw occurs in the way that the Windows version of the media player handles data from a server using the Real-Time Stream Protocol (RTSP), according to notes in the code posted on milw0rm. An attacker could use a file in the extensible markup language (XML) to refer a victim to the malicious server, if the file has the extension of a media type handled by the QuickTime player. The server would then send the exploit code and remotely exploit the system, Symantec security researcher Elia Florio stated on the company's blog.

"This attack requires users to double-click on the QuickTime multimedia attachment to run," Florio wrote. "It is worth bearing in mind that this attack may also work with other common media formats such as mpeg, .avi, and other MIME types that are associated with the QuickTime player."

Apple has had to fix dozens of flaws in its QuickTime player this year. In an update released at the beginning of this month, the company patched up seven security holes in the media player. The following week, the company patched 41 other vulnerabilities in software that ships with its Mac OS X operating system. Attackers have increasingly focused on media player software, especially Microsoft's Windows Media Player and Apple's QuickTime player, because the applications have become a ubiquitous feature of PCs and Macs.

The flaw -- discovered by researcher Krystian Kloskowski, also known as "h07" -- affects version 7.2 and version 7.3 of Apple's QuickTime media player running on Windows XP or Windows Vista. Both Internet Explorer 6 and 7, as well as the Safari browser, appear to have some protection against exploit of the flaw using the browsers as a vector, Symantec stated. Symantec is the owner of SecurityFocus.

Apple could not immediately be reached for comment.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus