http://secunia.com/advisories/40729/
Krystian Kloskowski has discovered a vulnerability in QuickTime Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in QuickTimeStreaming.qtx when constructing a string to write to a debug log file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into viewing a specially crafted web page that references a SMIL file containing an overly long URL.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 7.6.6 (1671) for Windows. Other versions may also be affected.
-----------------------------------------
Reports indicate that removing the QuickTimeStreaming.qtx file is an effective mitigation; however, it will kill your ability to watch streaming content in QT.
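The bug class the advisory describes, as an added illustration (this is not QuickTime's code, which the page does not show): a debug-log line built from a caller-supplied URL in a fixed-size buffer, with the unbounded pattern shown in a comment and a bounded version that detects truncation. The buffer size, log format and function name are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 256  /* assumed size of the fixed stack buffer */

/* Unsafe pattern, for comparison only (not compiled):
 *     char line[LOG_LINE_MAX];
 *     sprintf(line, "open url: %s", url);   // url length is never checked
 */

/* Format a debug-log line for `url` into out[cap] (hypothetical helper).
 * Returns 0 if the whole URL fit, 1 if it was truncated, -1 on bad input.
 * out is always NUL-terminated when cap > 0. */
int format_log_line(char *out, size_t cap, const char *url)
{
    static const char marker[] = "...[truncated]";
    if (out == NULL || cap == 0)
        return -1;
    out[0] = '\0';
    if (url == NULL)
        return -1;

    /* snprintf writes at most cap-1 bytes plus NUL and returns the
     * length the full string would have needed. */
    int n = snprintf(out, cap, "open url: %s", url);
    if (n < 0)
        return -1;
    if ((size_t)n < cap)
        return 0;                      /* everything fit */

    /* Truncated: overwrite the tail with a marker so the log shows the cut. */
    if (cap > sizeof marker)
        memcpy(out + cap - sizeof marker, marker, sizeof marker);
    return 1;
}

int main(void)
{
    char line[LOG_LINE_MAX];
    char long_url[4096];               /* constructed sample input */
    memset(long_url, 'A', sizeof long_url - 1);
    long_url[sizeof long_url - 1] = '\0';

    printf("%d %s\n", format_log_line(line, sizeof line, "rtsp://example.invalid/a.mov"), line);
    printf("%d len=%zu\n", format_log_line(line, sizeof line, long_url), strlen(line));
    return 0;
}
```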