Hi @ll,
the just released QuickTime 7.7.7 and iTunes 12.2 for Windows still
have quite some of the BLOODY beginners errors I already documented
in the past.
QuickTime 7.7.7, QuickTime.msi
unquoted pathname of executables in command line
We reported this to Google.
They reproduced, and say
It's DoS which doesn't matter.
We think it's very strange,
since the browser does not crash(not DoS),
I think they called it DOS because the chrome.exe process starts to consume
system memory out of control.
In my example (Win7
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Please find a text-only version below sent to security mailing-lists.
The complete version on exploits about my last advisory of ipTIME
products is posted here:
Can you perform any actions on the page once the URL is replaced, or is it
non responsive? (asking because PoC did not work on my Chrome 43.0.2357.130
(64-bit) on OSX). If it is non responsive then the impact is very limited.
Worst thing I can think of is showing your account is suspended, please