Highly Dangerous Flaw Discovered in QuickTime
A highly dangerous remote code execution flaw has been disclosed in the most recent version of QuickTime for Windows. Secunia, a Danish vulnerability intelligence vendor, reported that attackers could exploit the security hole by tricking users into viewing a maliciously crafted Web page.
Security researcher Krystian Kloskowski said that the vulnerability is caused by a boundary error in QuickTimeStreaming.qtx when a string is constructed to be written to a debug log file, as reported by Help Net Security on July 298, 2010.
To abuse the QuickTime vulnerability, an attacker must trick users into visiting a malicious web page that references a specially crafted SMIL file containing an unusually long URL. SMIL is an XML-based markup language used to describe various aspects of multimedia presentations, such as elements, timeline and layout.
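The bug class described above, a log string built from URL text without a length check, shown next to a bounded version. This is an added C example, not QuickTime's code and not part of the original article; the function name, log prefix and buffer size are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 256   /* assumed size of the fixed log-line buffer */

/* Unsafe pattern (illustrates the bug class only, not QuickTime's code):
 *     char line[LOG_LINE_MAX];
 *     sprintf(line, "open url: %s", url);
 * Nothing bounds the copy, so a URL longer than the buffer writes past line[].
 */

/* Hardened form: format into a caller-supplied buffer with an explicit bound.
 * Returns 0 if the whole line fit, 1 if it was truncated, -1 on bad arguments.
 * The output is always NUL-terminated on return values 0 and 1. */
int format_log_line(char *out, size_t cap, const char *url)
{
    if (out == NULL || cap == 0 || url == NULL)
        return -1;

    int n = snprintf(out, cap, "open url: %s", url);
    if (n < 0) {                 /* encoding/output error */
        out[0] = '\0';
        return -1;
    }
    if ((size_t)n >= cap) {      /* snprintf reports the untruncated length */
        if (cap > 4)             /* mark the cut so log readers can see it */
            memcpy(out + cap - 4, "...", 4);
        return 1;
    }
    return 0;
}

int main(void)
{
    char line[LOG_LINE_MAX];
    char long_url[1024];         /* constructed over-long input */

    memset(long_url, 'A', sizeof long_url - 1);
    long_url[sizeof long_url - 1] = '\0';

    int rc = format_log_line(line, sizeof line, "rtsp://example.invalid/clip.mov");
    printf("rc=%d line=%s\n", rc, line);

    rc = format_log_line(line, sizeof line, long_url);
    printf("rc=%d len=%zu\n", rc, strlen(line));
    return 0;
}
```

A return value of 1 is worth logging or alerting on in its own right, since input far longer than any legitimate URL is a useful signal.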
According to the security firm, if the error is successfully exploited, the attacker can inject malicious code and compromise the computer system.
These types of attacks are called drive-by downloads, as the transmission of malicious data occurs invisibly to the user. Cyber criminals frequently infect legitimate websites with exploit toolkits that mainly target the same kind of remote code execution flaws in outdated versions of popular programs such as Flash Player, Java Runtime, Firefox, Internet Explorer and Adobe Reader.
Commenting on cyber criminals selecting QuickTime as the attack vector, security experts said that QuickTime was a valuable target for criminals, as it was installed on a huge number of systems. Almost everybody who owned an iPhone, iPod or iPad used iTunes, which required QuickTime for audio and video playback.
According to the reports, the vulnerability is confirmed to affect only the most recent version of the software (7.6.6) for Windows, released on March 30, 2010. Interestingly, that version was released to fix a total of 16 dangerous vulnerabilities, all of which could be exploited by an attacker to inject and execute arbitrary code with the user's existing privileges.
» SPAMfighter News - 10-08-2010