QuickTime - Remote hacker manual control
| Version: | 7.2 and prior. | 
| Technical Details: | A Security Update for QuickTime 7.2 has been released to address the .qtl arbitrary code execution vulnerability publicly disclosed by pdp of gnucitizen. Specifically, a command injection flaw in the qtnext field of QTL files could allow arbitrary command-line arguments to be passed when the file is opened by a vulnerable application. The update addresses the way that QTL files handle URLs internally. | 
| Description: | Apple has released a Security Update for QuickTime 7.2 for Windows. This update addresses a publicly disclosed vulnerability that could allow an attacker to take control of a vulnerable system through the way that .qtl files handle and present content (demonstrated to affect XML content). | 
| Mitigation: | Update to the latest version of QuickTime, available from the Updates link below, or from the Software Update Application (OS X) | 
| Updates: | http://www.apple.com/quicktime | 
| Source: | http://docs.info.apple.com/article.html?artnum=61798 | 
| Exploits: | Numerous | 
| External Tracking Data: | CVE-ID: CVE-2007-4673 | 
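
For triage of .qtl files at a mail or web gateway, the following added example (not part of the advisory and not Apple's fix) flags any qtnext attribute that is not a plain http(s) URL. The allowlist policy, the function names and the sample documents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: local policy, not Apple's fix

def qtnext_problems(value):
    """Return the reasons a qtnext value fails the allowlist policy."""
    v = value.strip()
    problems = []
    if any(ch.isspace() for ch in v):
        problems.append("embedded whitespace")  # could split into extra arguments
    try:
        parts = urlsplit(v)
    except ValueError:
        return problems + ["unparseable URL"]
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        problems.append(f"scheme {parts.scheme!r} not allowed")
    elif not parts.netloc:
        problems.append("missing host")
    return problems

def check_qtl(text):
    """Return [(qtnext_value, [reasons])] for every flagged qtnext attribute."""
    # Refuse DTD/entity declarations up front; a media link file has no use for them.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        return [("", ["DTD or entity declaration in media link file"])]
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return [("", ["not well-formed XML"])]
    findings = []
    for elem in root.iter():
        for name, value in elem.attrib.items():
            if name.lower() == "qtnext":
                reasons = qtnext_problems(value)
                if reasons:
                    findings.append((value, reasons))
    return findings

# Constructed samples, not taken from any real exploit or from the advisory.
BENIGN = """<?xml version="1.0"?>
<?quicktime type="application/x-quicktime-media-link"?>
<embed src="http://media.example.com/a.mov" qtnext="http://media.example.com/b.mov"/>"""
SUSPECT = BENIGN.replace('qtnext="http://media.example.com/b.mov"',
                         'qtnext="--placeholder-flag value"')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, check_qtl(doc))
```

A flagged file is a candidate for quarantine and review, not proof of exploitation; the fix remains the QuickTime update listed under Mitigation.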