http://newteevee.com/2007/01/03/vulnerability-discovered-in-apple-quicktime/
Vulnerability Discovered in Apple QuickTime<http://newteevee.com/2007/01/03/vulnerability-discovered-in-apple-quicktime/> 12 Written by Jackson West <http://newteevee.com/author/jackson-west/>-Posted Wednesday, January 3, 2007 at 1:00 PM PT The "Month of Apple Bugs <http://projects.info-pull.com/moab/>13" project is pretty much what it sounds like a month devoted to finding, proving and publishing the details of exploits in Apple hardware and software. Any coincidence that it's scheduled for the same month as MacWorld can be chalked up to ironic humor on the part of cheeky hackers. So far, the biggest story has been the discovery of a buffer-overflow vulnerability <http://news.com.com/2100-1002_3-6146615.html>14 that can affect Windows and Macintosh machines running QuickTime 7.1.3. All the attacker has to do is send a bogus call to a the RTSP (Real Time Streaming Protocol) URL handler via HTML, JavaScript or through a QuickTime QTL file. How can you defend yourself? According to LMH and Kevin Finisterre who discovered the vulnerability <http://projects.info-pull.com/moab/MOAB-01-01-2007.html> 15, "The only potential workaround would be to disable the rtsp:// URL handler, uninstalling Quicktime or simply live with the feeling of being a potential target for pwnage." [Non-text portions of this message have been removed] Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/videoblogging/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/videoblogging/join (Yahoo! ID required) <*> To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/