
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


QuickTime - Remote hacker automatic control

Version: 7.1.6 and prior.
Technical Details:

From the available information, it appears that the problem lies in how QuickTime handles XML data that is presented as a valid QuickTime media format. Browsers with a QuickTime plugin enabled have been demonstrated to be vulnerable to an attack based on this. It has yet to be determined whether the browser or the plugin is interpreting the XML, but multiple browsers are vulnerable.

Description:

A web security researcher has identified a vulnerability in the way that a number of browsers handle different QuickTime media files. At this stage, it is too early to determine whether the vulnerability is in the QuickTime plugin (likely) or in the browsers. Along with the disclosure of the vulnerability, public exploit samples were provided. At this time there has been no response from Apple about the potential vulnerability.

Mitigation:

Consider using alternate QuickTime media handling libraries, or change how QuickTime content is handled from within the browser.
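As a complement to the mitigation above, the following added example (not part of the original advisory or the researcher's disclosure) shows a content check a proxy or download filter could apply: it flags files that claim to be QuickTime media but begin with XML markup instead of a binary atom header. The function names, result labels and sample bytes are illustrative assumptions, and the markup sniff is a heuristic.

```python
import struct

# Top-level atom types commonly found at the start of a binary QuickTime/MP4 file.
KNOWN_ATOMS = {b"ftyp", b"moov", b"mdat", b"free", b"skip", b"wide", b"pnot"}
# Byte-order marks that can precede text content.
BOMS = (b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff")


def looks_like_xml(head: bytes) -> bool:
    """True if the buffer starts with markup rather than binary atoms."""
    for bom in BOMS:
        if head.startswith(bom):
            head = head[len(bom):]
            break
    # Drop NUL bytes so UTF-16 encoded markup is also recognised.
    text = head.replace(b"\x00", b"").lstrip()
    return text.startswith(b"<")


def starts_with_atom(head: bytes) -> bool:
    """True if the buffer begins with a plausible QuickTime atom header."""
    if len(head) < 8:
        return False
    size, kind = struct.unpack(">I4s", head[:8])
    # size 0 = atom runs to end of file, size 1 = 64-bit size follows.
    return kind in KNOWN_ATOMS and (size in (0, 1) or size >= 8)


def classify(head: bytes) -> str:
    """Classify the first bytes of a file claiming to be QuickTime media."""
    if starts_with_atom(head):
        return "binary-quicktime"
    if looks_like_xml(head):
        return "xml-as-media"  # the condition described in the advisory
    return "unknown"


# Constructed sample inputs (not taken from any real file or exploit).
SAMPLES = {
    "clip.mov": b"\x00\x00\x00\x14ftypqt  \x00\x00\x00\x00qt  ",
    "link.mov": b"\xef\xbb\xbf  <?xml version=\"1.0\"?><embed/>",
    "noise.mov": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {classify(data)}")
```

Files classified as `xml-as-media` can be blocked or routed to a handler other than the browser plugin until a fix is available.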

Updates:

Source:

http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox

Exploits:

Various Sources

External Tracking Data:

