Posted by Virus Bulletin on Nov 27, 2007
Firefox users most vulnerable; Internet Explorer users should be wary too.
Polish security researcher Krystian Kloskowski has published a proof-of-concept exploit for a vulnerability in Apple's QuickTime media player. The exploit, which makes use of a vulnerability in the way the RTSP-protocol is handled by QuickTime, could give hackers access to PCs that run Windows XP or Vista.
Researchers at Symantec, who published a detailed investigation into the exploit, say there are two ways for users to be affected: either by opening a malicious attachment in an email, or by browsing to a website that has a malicious QuickTime streaming object embedded into it. In the latter case, Symantec reports that the current exploit only affects Firefox users that have set QuickTime as their default multimedia player. However, it is very well possible for the exploit to be refined in the next few days, so that it might affect those browsing with Internet Explorer as well.
Until a patch has been released, system administrators are advised to close TCP 554 for outbound connections.
Posted on 27 November 2007 by Virus Bulletin