FYI: Quicktime Vulnerability 0-Day
Posted by: ztirffritz
Date: November 27, 2007 09:32AM
[isc.sans.org]

As outlined by Secunia, Apple's Quicktime 7.2 and 7.3 have an overwrite condition via incorrect RTSP parsing.

There are several things you can do until this gets patched (just remember to undo them after you patch!).

1) Block the RTSP protocol. Ports are 554/tcp and 6970-6999/udp.

2) Set the Killbit for Quicktime CLSIDs:

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
{4063BE15-3B08-470D-A0D5-B37161CFFD69}

There are some other recommendations over at the US-CERT site. But like I said, remember to undo them after the patch, or you will be wondering why things aren't working with your Quicktime streams.

Please remember that Quicktime is a component of iTunes...



Re: FYI: Quicktime Vulnerability 0-Day
Posted by: jdc
Date: November 27, 2007 09:50AM
Solution:
Do not browse untrusted websites, follow untrusted links, nor open untrusted QTL files.

duh?





Edited 999 time(s). Last edit at 12:08PM by jdc.
Re: FYI: Quicktime Vulnerability 0-Day
Posted by: Article Accelerator
Date: November 27, 2007 01:14PM
Windows only.
Re: FYI: Quicktime Vulnerability 0-Day
Posted by: silvarios
Date: November 27, 2007 04:18PM
When I read Killbit, I knew this was Windows only. What's up with all the vulnerabilities specific to QuickTime on Windows?


Nathan