Firefox users most vulnerable; Internet Explorer users should be wary too.
Polish security researcher Krystian Kloskowski has
published
a proof-of-concept exploit for a vulnerability in
Apple
‘s
QuickTime
media player. The exploit, which makes use of a vulnerability in the way the RTSP-protocol is handled by
QuickTime
, could give hackers access to PCs that run
Windows XP
or
Vista
.
Researchers at
Symantec
, who published a
detailed investigation
into the exploit, say there are two ways for users to be affected: either by opening a malicious attachment in an email, or by browsing to a website that has a malicious
QuickTime
streaming object embedded into it. In the latter case,
Symantec
reports that the current exploit only affects
Firefox
users that have set
QuickTime
as their default multimedia player. However, it is very well possible for the exploit to be refined in the next few days, so that it might affect those browsing with
Internet Explorer
as well.
Until a patch has been released, system administrators are advised to close TCP 554 for outbound connections.
Posted on 27 November 2007 by
Virus Bulletin
Leave a Reply