Marcello Barnaba (void) <[EMAIL PROTECTED]> wrote:
> By the way, even with "Transport setup" -> "Automatic", the software
> doesn't crash nor loops after reading the HTTP payload
An hypotesis is a possible different behaviour depending by the version
of Mac OS, probably bypassable using a modified
On Jan 11, 2008, at 10:14 PM, Luigi Auriemma wrote:Now talking about you, Marcello, the problem you had is just with "your"same computer/network, probably you have a firewall or something else (a"condition" as you define it) that simply makes your ports to appearfiltered/timedout and so Quicktime g
"Marcello Barnaba (void)" <[EMAIL PROTECTED]> wrote:
> Tried on QuickTime 7.3.10 running on OSX 10.5.1, and the player doesn't
> try to connect to port 80 if 554 is closed.
> ...
> yea i second that i tested on Vista and it doesnt attempt to redirect
> to the port 80 there must be another condition
On Jan 10, 2008, at 7:45 PM, Luigi Auriemma wrote:
> For exploiting this vulnerability is only needed that an user follows
> a rtsp:// link, if the port 554 of the server is closed Quicktime will
> automatically change the transport and will try the HTTP protocol on
> port 80, the 404 error messa
###
Luigi Auriemma
Application: Quicktime Player
http://www.apple.com/quicktime
Versions: <= 7.3.1.70
Platforms:Windows and Mac
Bug: buffer-overflow
Exploitation: remo