Cross Post from Susan Bradley off another list, kudos to her.

Apple QuickTime backdoor creates code-execution peril * The Register:
http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/

Bugtraq: [0day] Apple QuickTime "_Marshaled_pUnk" backdoor param arbitrary code execution:
http://seclists.org/bugtraq/2010/Aug/358

"Unfortunately, due to DLL Hijacking fiasco workaround, a LoadLibrary+UNC payload seems not very dangerous...isn't it? ;) "

Metasploit Framework - /modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb - Metasploit Redmine Interface:
https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb

And if we thought the fun with the .DLL hijack exploits coming fast and furious wasn't enough...

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:[email protected]
Cell:401-639-3505

-----Original Message-----
From: Ben Scott [mailto:[email protected]]
Sent: Monday, August 30, 2010 7:17 PM
To: NT System Admin Issues
Subject: Re: Restoring default file opens with

On Mon, Aug 30, 2010 at 7:02 PM, Jon Harris <[email protected]> wrote:
> Tried that without the reboot. I will have to get one of the DA's to find a
> window and try that again but with the reboot.

P.S.: Other things to try before rebooting:

1. Clean exit/restart of Windows Explorer. Click Start, Shutdown. You get the dialog box that asks shutdown/reboot/etc. Hold down CTRL+ALT+SHIFT, and press ESC or click "Cancel". Explorer will exit. Press CTRL+SHIFT+ESC to bring up Task Manager. File -> Run, EXPLORER, OK. Explorer will start. (A lot of people suggest a hard kill ("End Task"), but that doesn't give Explorer a chance to exit cleanly.)

2. Log off and then back on again.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
You are currently subscribed to ntsysadmin as: [email protected].
To unsubscribe click here: http://lyris.sunbelt-software.com/u?id=7509710.a547ea216ad7e2d08cde8da04ef47d80&n=T&l=ntsysadmin&o=9079869
or send a blank email to leave-9079869-7509710.a547ea216ad7e2d08cde8da04ef47...@lyris.sunbelt-software.com
