Apple QuickTime potential vulnerability/backdoor
A vulnerability/backdoor in Apple Quicktime has been announced, and we are keeping an eye on it.
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
×
![modal content]()
Diary Archives
Handler on Duty: Didier Stevens
Threat Level: green
© 2024 SANS™ Internet Storm Center
Developers: We have an API for you! 
Comments
ComputerX
Aug 31st 2010
1 decade ago
Aug. 31, 2010 - "... Users may wish to disable the QuickTime plugin until a patch is available; this can be achieved by setting the killbit for the affected control (02BF25D5-8C17-4B23-BC80-D3488ABDDC6B) -or- renaming the plugin (QTPlugin.OCX)..."
- http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/
30 August 2010 - "... exploit... works only against those who have Microsoft's Windows Live Messenger installed..."
.
PC.Tech
Sep 1st 2010
1 decade ago
"While the exploit posted by Santamarta works only against those who have Microsoft's Windows Live Messenger installed, the researcher told The Reg that components that ship by default with QuickTime can be used to pull off the same ROP sleight of hand. Files called QuickTimeAuthoring.qtx and QuickTime.qts are two possibilities."
"Indeed, programmers with the open-source Metasploit project used by penetration testers and other hackers are in the process of building an attack module that does just that."
The exploit posted by Santamarta uses Windows Live Messenger because its DLLs don't use ASLR and DEP so the exploit has an easier time. But the underlying vulnerability and the approach used by Santamarta can take advantage of any DLL that doesn't use ASLR and DEP, and there are a lot of them on the typical system.
Anonymous
Sep 2nd 2010
1 decade ago
QuickTime 7.6.8 released - September 15, 2010
___
PC.Tech
Sep 17th 2010
1 decade ago