[pchelpers] News:Hacker posts QuickTime zero-day attack code

• From: John Durham <john.modec@xxxxxxxxxx>
• To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
• Date: Sun, 21 Sep 2008 07:40:31 +1200

19 Sep 2008
By Gregg Keizer

A hacker has released attack code that exploits an unpatched
vulnerability in Apple 's QuickTime, just a week after the company
updated the media player to plug nine other serious vulnerabilities, a
security researcher said Wednesday.

The exploit, which was published on the milw0rm.com site Tuesday, takes
advantage of a flaw in the "<? quicktime type= ?>" parameter in
QuickTime, which isn't prepared to handle excessively-long strings, said
Aaron Adams, a researcher with Symantec Corp.'s DeepSight threat
notification network.

"Symantec is currently investigating this flaw further to determine the
underlying technical details," said Adams in a research note Wednesday.

More here:
http://www.cw.com.hk/article.php?id_article=2306
-- 
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription