New QuickTime vulnerability surfaces

After patching QuickTime to version 7.3 and thus disposing of a widely-exploited bug, Apple is facing yet another vulnerability. This particular one affects Windows XP and Vista users, although it's not certain yet, whether Mac OS X is susceptible.

Attack code exploiting this vulnerability has been posted on milw0rm.com, it has to do with malware being disguised as streaming video. Apparently Apple made a few mistakes, one of them is leaving the buffer-overflow bug found in QuickTime versions 7.2, 7.3 and perhaps older ones as well. “Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header. This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream,” US-CERT commented.

RTSP is short for Real-Time Streaming Protocol. If a user should click on a malicious stream, an attacker could execute arbitrary code on the compromised system.

Symantec said that “various memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code.”

Windows Vista has one such scheme. It is called ASLR (Address Space Layout Randomization). However, it will not protect users from this particular vulnerability, since Apple hasn't enabled ASLR addressing. Both of these vendors can be held at fault here: Apple for not enable ASLR addressing and Microsoft, for not making this feature a default behavior of all applications.

There are no straightforward solutions to the problem, so security experts suggest that users should disable JavaScript, the QuickTime plug-in for Mozilla and QuickTime ActiveX for IE. They should also block RTSP and generally just not click on streams from untrusted sources.


Files
Software
Compare
Like us on Facebook