According to Dave Merten, there is a security bug existing in QuickTime that may be used as a vector to attack the system. Available on both Mac OS X and Windows, the latest version of QuickTime 7.5.5 has been reported that the ” ” tag fails to handle long strings, which can lead to a heap of overflow in QuickTime Player, iTunes or any other programs that utilise media using QuickTime plug-in.

Such programs include, but not limited to, browser, Mail or even when a user attempts to view a file with Quick Look. The outcome results in crashing the programs, but the malicious code could be added to such files, and may be executed with no user interaction.

Detail are as follow:

Exploit: OSX.Exploit.QT755-1
Discovered: September 18, 2008
Risk: Low 

No patch is yet to be released.

This entry was posted on Tuesday, September 23rd, 2008 at 12:23 am and is filed under Audio, Mac OS, Software Companies, Video, Web Apps, Windows . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.