Hugh Pickens writes "Apple's QuickTime media player software contains a previously undocumented security weakness in the way QuickTime handles a type of media-streaming communications called the "real time streaming protocol" (RTSP). The vulnerability is present in QuickTime versions 4.0 through 7.3 (the latest version) on both Windows and Mac systems. Symantec has tested the publicly available exploit code and found that it failed to work properly against Internet Explorer 6/7 or Safari 3 Beta but the exploit works against Firefox if users have chosen QuickTime as the default player for multimedia formats. Firefox users are more susceptible to this attack because Firefox farms off the request directly to the QuickTime Player as a separate process outside of its control while Explorer loads the QuickTime Player as an internal plugin and when the overflow occurs, it triggers standard buffer overflow protection that shut downs the affected processes before any damage can be done."
This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.
Firefox Susceptible to QuickTime Security Flaw 0 Comments More Login /
Get More Comments