[ISN] Apple Vulnerability Project Launches with QuickTime Exploit

From: InfoSec News (alerts@private)
Date: Tue Jan 02 2007 - 00:36:47 PST


By Ryan Naraine
January 1, 2007

An easy-to-exploit security vulnerability in Apple Computer's QuickTime 
media player could put millions of Macintosh and Windows users at risk 
of code execution attacks.

The QuickTime flaw kicked off the Month of Apple Bugs project, which 
promises to expose unpatched Mac OS X and Apple application 
vulnerabilities on a daily basis throughout the month of January.

According to an advisory released Jan. 1, the flaw exists in the way 
QuickTime handles a specially rigged "rtsp://" URL.

"By supplying a specially crafted string, [an] attacker could overflow a 
stack-based buffer, using either HTML, Javascript or a QTL file as 
attack vector, leading to an exploitable remote arbitrary code execution 
condition," said LMH, one of the mysterious hackers behind the 
controversial project.

He described exploitation of the issue as "trivial" and warned that 
stack NX can also be rendered useless.

LMH said the issue was successfully exploited in QuickTime Player 
Version 7.1.3. Previous versions are likely vulnerable as well. Both 
Microsoft Windows and Mac OS X versions are affected.

The Cupertino, Calif.-based Apple markets QuickTime as a platform for 
the handling of video, sound, animation, graphics, text and music. The 
technologyand media playeris available for Windows and Mac users, making 
it a lucrative target for malware writers.

"The only potential workaround would be to disable the "rtsp://" URL 
handler, uninstalling QuickTime or simply live with the feeling of being 
a potential target," according to the advisory.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Tue Jan 02 2007 - 00:49:37 PST