
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


QuickTime - Remote hacker manual control

Version: 7.2 and prior.
Technical Details:

A Security Update for QuickTime 7.2 has been released to address the .qtl arbitrary code execution vulnerability publicly disclosed by pdp of gnucitizen.

Specifically, a command injection opportunity exists within the qtnext field in QTL files that could allow a QTL file to pass arbitrary command-line arguments when opened by a vulnerable application. The update addresses the way that QTL files handle URLs internally.


Apple have released a Security Update for QuickTime 7.2 for Windows. This update addresses a publicly disclosed vulnerability that enables an attacker to potentially take control of a vulnerable system through the unique way that .qtl files handled and presented various content (demonstrated to affect XML content).


Update to the latest version of QuickTime, available from the Updates link below, or from the Software Update application (OS X).
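
For triage of QTL files on systems that cannot be updated immediately, the following added example (not part of the original advisory and not Apple's code) parses a QTL document and flags `qtnext` values that do not look like plain URLs. The scheme allow-list, the function names and the sample documents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: local policy for schemes a media link may chain to.
ALLOWED_SCHEMES = {"", "http", "https", "rtsp"}  # "" = relative reference

def check_qtnext(value):
    """Return a reason string if a qtnext value is suspicious, else None."""
    v = value.strip()
    if v.startswith("-"):
        return "begins with '-' and could be read as a command-line option"
    if re.search(r"[\s\"'<>]", v):
        return "contains whitespace or quoting that could split into extra arguments"
    try:
        scheme = urlsplit(v).scheme.lower()
    except ValueError:
        return "not a parseable URL"
    if scheme not in ALLOWED_SCHEMES:
        return f"scheme '{scheme}' is not on the allow-list"
    return None

def scan_qtl(qtl_text):
    """Return [(qtnext_value, reason), ...] for one QTL document."""
    if "<!DOCTYPE" in qtl_text.upper():
        return [("", "DOCTYPE present; refusing to parse untrusted entities")]
    try:
        root = ET.fromstring(qtl_text)
    except ET.ParseError as exc:
        return [("", f"not well-formed XML: {exc}")]
    findings = []
    for elem in root.iter():
        for name, value in elem.attrib.items():
            if name.lower() == "qtnext":
                reason = check_qtnext(value)
                if reason:
                    findings.append((value, reason))
    return findings

# Constructed samples, not taken from any real file.
HEADER = '<?xml version="1.0"?><?quicktime type="application/x-quicktime-media-link"?>'
BENIGN = HEADER + '<embed src="http://media.example/a.mov" qtnext="http://media.example/b.mov"/>'
OPTION = HEADER + '<embed src="a.mov" qtnext="-constructed-option value"/>'
SCHEME = HEADER + '<embed src="a.mov" qtnext="file:///tmp/constructed.mov"/>'

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("option", OPTION), ("scheme", SCHEME)):
        print(label, scan_qtl(doc))
```

A check like this is a stopgap for mail or download filtering; it does not replace installing the update.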





External Tracking Data:

CVE-ID: CVE-2007-4673
