Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43428
  • Total Topics: 16525
  • Online today: 2824
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 1
Guests: 2821
Total: 2822









Author Topic: Researcher Finds New Flaw in QuickTime for Windows  (Read 2924 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Researcher Finds New Flaw in QuickTime for Windows
« on: 28. April 2008., 20:03:51 »


A security think tank says it has found a vulnerability in Apple's QuickTime multimedia player that can be exploited remotely to compromise Windows Vista PCs upgraded to Service Pack 1, as well as XP SP2.

From the scant details published on the GNUCitizen's blog, the exploit involves a maliciously crafted media file. When a user opens the file, which can be hosted on a Web site, the vulnerability in QuickTime allows the hacker to take complete control of the machine, according to Petko D. Petkov, known to the hacking community as "pdp."

Petkov doesn't think users are in danger of being attacked as of yet.

"I highly doubt that anyone knows how to exploit this vulnerability," Petkov said. "I haven't shared the details with anyone, and the actual vulnerability is different enough to be rather challenging for even some of the most gifted hackers out there."

In a video with a thumping techno beat, Petkov shows a QuickTime file sitting on the desktop of a PC running XP SP2. If a user opens the malicious file, Petkov then has control of the PC, demonstrated by the way the applications Paint, Calculator and Notepad are seen launching, apparently without further user intervention. The demonstration is repeated on a PC running Windows Vista inside a virtual machine.

Attacking vulnerabilities in applications is becoming increasingly favored by hackers, as finding problems in operating systems becomes increasingly harder, said Alan Paller, director of research for the SANS Institute, last week at the Infosec conference in London.

Petkov said Monday that he has notified Apple of the problem.

The company did not respond to a request for comment.

QuickTime has proved to be one of the more porous applications. Apple, which doesn't have a regular patching schedule like Microsoft, patched the application for at least the sixth time earlier this month, fixing 11 vulnerabilities.

(Copyright by PC World)

Samker's Computer Forum - SCforum.info

Researcher Finds New Flaw in QuickTime for Windows
« on: 28. April 2008., 20:03:51 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023