LMH’s “Month of Apple Bugs” has begun:
“‘LMH’ has discovered a vulnerability in Apple Quicktime, which can be exploited by malicious people to compromise a user’s system,” Secunia reports.
“The vulnerability is caused due to a boundary error when handling RTSP URLs. This can be exploited to cause a stack-based buffer overflow via a specially crafted QTL file with an overly long (more than 256 bytes) ‘src’ parameter (e.g. ‘rtsp://[any character]:[>256 bytes]’),” Secunia reports. “Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 184.108.40.206 (Windows version) and reportedly affects both Microsoft Windows and Mac OS X versions.”
Secunia reports, “Solution: Do not open untrusted QTL files.”
More info here.
“This issue has been successfully exploited in QuickTime™ Version 7.1.3, Player Version 7.1.3. Previous versions should be vulnerable as well. Both Microsoft Windows and Mac OS X versions are affected,” LMH reports.
Full article here.
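Secunia's advice not to open untrusted QTL files can be backed by a check on the files themselves. The script below is an added example, not code from Secunia, LMH or the original article: it flags any rtsp:// 'src' value longer than the 256 bytes the advisory cites. The `<embed src=...>` layout, the function name and both sample files are assumptions constructed for illustration.

```python
import re

# Threshold taken from the advisory text: "overly long (more than 256 bytes)".
MAX_SRC_BYTES = 256

# Regex rather than an XML parser: a crafted file need not be well-formed XML.
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*(["'])(.*?)\1""", re.IGNORECASE | re.DOTALL)


def suspicious_rtsp_sources(qtl_text, limit=MAX_SRC_BYTES):
    """Return (total_bytes, tail_bytes, preview) for each rtsp:// src over the limit.

    tail_bytes is the size of the part after the first ':' that follows
    'rtsp://', the field the advisory's example pattern makes overly long.
    """
    findings = []
    for match in SRC_ATTR.finditer(qtl_text):
        value = match.group(2).strip()
        if not value.lower().startswith("rtsp://"):
            continue
        total = len(value.encode("utf-8"))
        _, sep, tail = value[len("rtsp://"):].partition(":")
        tail_bytes = len(tail.encode("utf-8")) if sep else 0
        # Conservative triage rule: flag on total src size alone.
        if total > limit:
            findings.append((total, tail_bytes, value[:32]))
    return findings


# Constructed sample inputs (not taken from any real file). The <embed src=...>
# layout is the assumed QuickTime Media Link structure.
BENIGN_QTL = """<?xml version="1.0"?>
<?quicktime type="application/x-quicktime-media-link"?>
<embed src="rtsp://media.example.com:554/lecture.mov" autoplay="true" />"""

OVERSIZED_QTL = """<?xml version="1.0"?>
<?quicktime type="application/x-quicktime-media-link"?>
<embed src="rtsp://a:%s" />""" % ("B" * 300)

if __name__ == "__main__":
    for name, text in (("benign", BENIGN_QTL), ("oversized", OVERSIZED_QTL)):
        hits = suspicious_rtsp_sources(text)
        print(name, "->", hits if hits else "no oversized rtsp src")
```

A mail or web gateway could run the same check on attachments and downloads with a .qtl extension and quarantine anything it flags.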