Vulnerability in Apple QuickTime
11.27.07 - 12:20pm
Krystian Kloskowski reported a buffer overflow in QuickTime versions 7.2 and 7.3. An attacker can lure a victim into loading a web page with an embedded media object or a file in an email, triggering a bounds-checking error in QuickTime that may allow execution of arbitrary code. This issue impacts QuickTime on Windows and on Mac OS, and proof-of-concept code is publicly available.
If QuickTime is set as the default media player, Firefox will send the request directly to QuickTime. Mozilla is currently investigating this issue to identify ways to protect Firefox users.
More information is available in the CERT report.