Italian Researcher Detects New QuickTime Hole
A security researcher in Italy has published proof-of-concept code exploiting a zero-day vulnerability in the latest version (7.3.1) of Apple's QuickTime media application.
Luigi Auriemma, known for discovering a flaw in the Unreal Engine three years ago, posted on January 10, 2008 how a buffer overflow is triggered in QuickTime. According to Auriemma, the hole affects both the Mac OS X and Windows versions of QuickTime.
In an e-mail, Auriemma said that the vulnerability is a buffer overflow and that it is possible to fully overwrite the return address, so an attacker could exploit it to run malicious software on the victim's computer. InformationWeek published this on January 10, 2008.
Auriemma said that the problem arises when QuickTime attempts to open an RTSP (Real Time Streaming Protocol) connection and the server has TCP port 544 closed. The application then automatically falls back to an HTTP connection on port 80. An attacker can exploit the vulnerability by tricking a user into visiting a malicious site that contains an rtsp:// link: when QuickTime's RTSP connection attempt fails, the software automatically looks for an HTTP server on that host, which lets the attacker gain control of the victim's machine.
On December 13, 2007, Apple fixed an RTSP buffer overflow involving the Content-Base/Content-Type header in the update to QuickTime version 7.3.1. The bug Auriemma has found, however, lies in the handling of the error message; it is still unpatched, and Apple was not notified before the posting.
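As an added illustration of the defensive side of the mechanism described above, and not code from the article, from Auriemma or from Apple, the following Python parser applies hard length limits to the status line and headers of an HTTP error response such as a client would receive after falling back from RTSP to port 80. A client that bounds these fields before copying them cannot be overflowed by a server-controlled error message, which is the class of defect the article describes. The limits, the helper names and the three sample responses are all constructed for the example.

```python
"""
Added example (not from the article): a length-bounded parser for the HTTP
error response a client may receive after its RTSP connection attempt fails
and it falls back to HTTP on port 80. Oversized status lines and headers are
rejected before any fixed-size copy could take place. All limits are assumed
values chosen for the example, not values from QuickTime or the article.
"""

MAX_STATUS_LINE = 256   # assumed bound on the "HTTP/1.x NNN reason" line
MAX_HEADER_LINE = 1024  # assumed bound on a single header line
MAX_HEADERS = 64        # assumed bound on the number of header lines


class UnsafeResponse(ValueError):
    """Raised when a response violates a length or structure bound."""


def parse_http_head(raw: bytes) -> dict:
    """Parse the status line and headers of an HTTP response under hard
    length limits. Returns {'status', 'reason', 'headers'} or raises
    UnsafeResponse; an oversized field is never decoded or copied."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise UnsafeResponse("no end of headers within input")
    lines = head.split(b"\r\n")
    status_line = lines[0]
    # Check the length first: a long server-controlled reason phrase is
    # exactly the kind of field a fixed buffer would overflow on.
    if len(status_line) > MAX_STATUS_LINE:
        raise UnsafeResponse(f"status line too long ({len(status_line)} bytes)")
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise UnsafeResponse("malformed status line")
    status = int(parts[1])
    reason = parts[2].decode("ascii", "replace") if len(parts) == 3 else ""
    header_lines = lines[1:]
    if len(header_lines) > MAX_HEADERS:
        raise UnsafeResponse(f"too many headers ({len(header_lines)})")
    headers = {}
    for line in header_lines:
        if len(line) > MAX_HEADER_LINE:
            raise UnsafeResponse(f"header line too long ({len(line)} bytes)")
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise UnsafeResponse("malformed header line")
        key = name.strip().lower().decode("ascii", "replace")
        headers[key] = value.strip().decode("ascii", "replace")
    return {"status": status, "reason": reason, "headers": headers}


def classify(raw: bytes) -> str:
    """Return 'ok' for an acceptable response head, else the rejection reason."""
    try:
        parse_http_head(raw)
        return "ok"
    except UnsafeResponse as exc:
        return f"rejected: {exc}"


# Constructed sample responses (not captured traffic).
BENIGN = (b"HTTP/1.0 404 Not Found\r\nContent-Type: text/html\r\n"
          b"Content-Length: 0\r\n\r\n")
OVERLONG_REASON = b"HTTP/1.0 404 " + b"A" * 2000 + b"\r\nContent-Type: text/html\r\n\r\n"
OVERLONG_HEADER = b"HTTP/1.0 404 Not Found\r\nContent-Base: " + b"B" * 4000 + b"\r\n\r\n"

if __name__ == "__main__":
    samples = [("benign", BENIGN), ("overlong reason", OVERLONG_REASON),
               ("overlong header", OVERLONG_HEADER)]
    for label, sample in samples:
        print(f"{label}: {classify(sample)}")
```

The point of the structure is that the length check precedes every decode or copy of a server-supplied field, so the worst a hostile error message can do is be refused; the same pattern applies whatever the real limit a native client would use.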
Alfred Huger, Vice President of Development at Symantec Security Response, said that the exploit code appears to work. InformationWeek published Huger's statement on January 10, 2008. Huger said that the proof-of-concept only managed to corrupt the application, and he assumed that anyone able to do that could execute code remotely.
Huger added that, among the other QuickTime vulnerabilities, this one was very serious.
Within three hours of Auriemma's post to the Bugtraq security mailing list, another Italian researcher, Marcello Barnaba, reported that in his tests only the Windows edition was vulnerable, while Mac OS X did not show the problem. ComputerWorld reported this on January 10, 2008.
» SPAMfighter News - 23-01-2008