In association with heise online

26 November 2007, 10:23

Yet another critical vulnerability in QuickTime 7.3


US-CERT has issued a warning concerning a buffer overflow in the current version of Apple QuickTime. Attackers can manipulate Content-Type headers in an RTSP data stream to cause a buffer overflow that allows malicious code to be injected into the system under attack. Users of Apple's iTunes multimedia software are also affected by the hole, because installing iTunes also installs the current version of QuickTime.

Demo programs that reportedly demonstrate the vulnerability have already popped up in the milw0rm archive. Until Apple releases a patch for this vulnerability, the only workarounds are to play RTSP streams with other software or to restrict the use of streaming data via the firewall. Users are also advised to be careful with QuickTime Link files (.qtl), which can also reference RTSP sources. Apple released version 7.3 only a few weeks ago.
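
A defender-side check for the two vectors described above, as an added example that is not part of the original article: it flags RTSP responses whose Content-Type header is abnormally long or contains non-printable bytes, and lists the RTSP sources a .qtl file references. The 128-byte threshold, the function names and the sample data are assumptions; the article gives no exact length.

```python
import re

# Assumed threshold: legitimate RTSP Content-Type values (e.g. "application/sdp")
# are short. The advisory gives no exact length, so this limit is a heuristic.
MAX_CONTENT_TYPE_LEN = 128

RTSP_URL = re.compile(rb"rtsp://[^\s\"'<>]+", re.IGNORECASE)


def parse_rtsp_headers(raw: bytes) -> dict:
    """Return lower-cased header names mapped to lists of raw values."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers, last = {}, None
    for line in head.split(b"\r\n")[1:]:            # skip the status line
        if line[:1] in (b" ", b"\t") and last:      # folded continuation line
            headers[last][-1] += b" " + line.strip()
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            continue                                # malformed line, ignore
        last = name.strip().lower()
        headers.setdefault(last, []).append(value.strip())
    return headers


def suspicious_content_type(raw: bytes) -> list:
    """List reasons why an RTSP response's Content-Type looks abnormal."""
    reasons = []
    for value in parse_rtsp_headers(raw).get(b"content-type", []):
        if len(value) > MAX_CONTENT_TYPE_LEN:
            reasons.append(f"length {len(value)} exceeds {MAX_CONTENT_TYPE_LEN}")
        if any(b < 0x20 or b > 0x7E for b in value):
            reasons.append("non-printable bytes in value")
    return reasons


def qtl_rtsp_sources(qtl: bytes) -> list:
    """Return RTSP URLs referenced by a QuickTime Link (.qtl) file."""
    return [m.decode("ascii", "replace") for m in RTSP_URL.findall(qtl)]


# Constructed samples, not captured traffic.
NORMAL = b"RTSP/1.0 200 OK\r\nCSeq: 1\r\nContent-Type: application/sdp\r\n\r\n"
OVERSIZED = b"RTSP/1.0 200 OK\r\nCSeq: 1\r\nContent-Type: " + b"A" * 4000 + b"\r\n\r\n"
QTL = b'<?xml version="1.0"?><embed src="rtsp://media.example/stream" />'
```

The header parser joins folded continuation lines before measuring, so a long value split across several lines is still counted as one.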

