Apple QuickTime exploit published
Security researchers are warning that exploit code has been published that can take advantage of an extremely critical security flaw in a protocol supported by Apple QuickTime.
Apple QuickTime versions 7.2 and 7.3 on Windows Vista and Windows XP Pro SP2 are both affected, according to an advisory originally posted on Milw0rm.com.
And because Apple's iTunes contains a component of QuickTime, installations of iTunes are also at risk, according to a security advisory by the United States Computer Emergency Readiness Team (US-CERT).
The security flaw is found in the Real Time Streaming Protocol (RTSP) supported by Apple's QuickTime Streaming Server and QuickTime player, US-CERT notes. As a result, users who load a malicious RTSP stream via a QuickTime Media Link file or by visiting a malicious Web page may find their systems compromised. Attackers could, for example, execute arbitrary code on users' systems or launch a denial-of-service attack.
Working exploit with server code available at Milw0rm.
So if you have a protocol analyzer which detects that 'content-type' is way too large, should it notify the admin about this exploit?
Yeah, but you can do that with a signature-based IDS system too. Just check for RTSP headers and see if the content-type field is longer than the allowed buffer settings (which I guess is 2^12 = 4096).
I haven't seen any case where the content-type field needs to be that long :p
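The length check discussed in the comments above, as an added example that is not part of the original post or its comments: it parses an RTSP response header block and flags an oversized Content-Type value. The 256-byte limit, the function names and the sample responses are assumptions made for illustration; the comment's guess of 4096 can be passed as `max_len`.

```python
import re

# Assumed limit for illustration: legitimate values such as "application/sdp"
# are a few dozen bytes. The comment above guesses 4096 for the buffer size.
MAX_CONTENT_TYPE_LEN = 256
STATUS_LINE = re.compile(rb"^RTSP/\d\.\d \d{3}\b")

def parse_rtsp_headers(data: bytes):
    """Return (is_rtsp_response, [(name, value), ...]) from raw response bytes."""
    # A truncated stream has no blank line; the whole buffer is then the header block.
    head = data.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    if not STATUS_LINE.match(lines[0]):
        return False, []
    headers = []
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t") and headers:
            # Folded continuation line: counts toward the previous header's length.
            name, value = headers[-1]
            headers[-1] = (name, value + b" " + line.strip())
            continue
        name, sep, value = line.partition(b":")
        if sep:
            # Header names are case-insensitive, so normalise before comparing.
            headers.append((name.strip().lower(), value.strip()))
    return True, headers

def check_response(data: bytes, max_len: int = MAX_CONTENT_TYPE_LEN):
    """Return a list of alert strings for oversized Content-Type headers."""
    is_rtsp, headers = parse_rtsp_headers(data)
    if not is_rtsp:
        return []
    return [
        f"RTSP Content-Type length {len(value)} exceeds {max_len}"
        for name, value in headers
        if name == b"content-type" and len(value) > max_len
    ]

# Constructed sample responses (not captured traffic).
BENIGN = (b"RTSP/1.0 200 OK\r\nCSeq: 1\r\n"
          b"Content-Type: application/sdp\r\nContent-Length: 0\r\n\r\n")
OVERSIZED = (b"RTSP/1.0 200 OK\r\nCSeq: 1\r\n"
             b"content-type: " + b"A" * 5000 + b"\r\n\r\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, check_response(sample) or "ok")
```

The check has to run on reassembled server-to-client data, since a header this long spans several TCP segments.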
Symantec is reporting an active exploit site for the QuickTime RTSP Response vulnerability described in CVE-2007-6166. Currently, the malicious stream is hosted at port 554 on the server 85.255.117.212.
Details at: http://isc.sans.org