New QuickTime vulnerability: rtsp://
Mozilla Security has confirmed a new vulnerability involving the QuickTime plugin. It was originally published by CERT, following a public disclosure a few days earlier that included a proof of concept.
This time it is a stack buffer overflow vulnerability in the way QuickTime handles RTSP (Real Time Streaming Protocol) content that may allow malicious code execution. The vulnerability affects Mac and Windows users who use QuickTime player or iTunes.
Firefox may become another vector if the QuickTime plugin is installed. There is no fix for the problem so far, but CERT has a list of workarounds to disable the QuickTime plugin.
Firefox 3 Beta 1 users can open the Add-ons manager (Tools menu, Add-ons), select the Plugins page, look for all QuickTime-related plugins and press Disable.


jeff
I don’t see any mention of what versions of QuickTime have this vulnerability. If we don’t say, how will we know when there is a version that is safe to use?
FWIW, uninstalling QuickTime also disables iTunes, so it’s going to affect more than just viewing videos.