Saint_Michael
Nov 30 2007, 11:09 AM
On Monday it was reported that QuickTime versions 7.2 and 7.3 come with a new exploit in which malware could get on to a person's computer through streaming videos. They mention that XP and Vista are the only affected systems, and no word came out about the Mac operating system. They mention that a buffer overflow bug was made in which it "contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header."

For those who don't know what RTSP is, RTSP is the Real-Time Streaming Protocol, which Apple uses for its QuickTime software. To complicate the problem even further, they mention that since iTunes uses QuickTime for its music it could be "widespread", and so the solution they gave until a patch was found was to block RTSP, disable the QuickTime ActiveX component for Internet Explorer and the QuickTime plug-in for Mozilla, and disable JavaScript.

So as not to get too far ahead of myself, in Thursday's article they mention that for this to work a person would have to download a file with common extensions such as .mov or .3gp. They also mention in the current update that in fact the malicious file is actually an XML file that "will force the player to open an RTSP connection on port 554 to the malicious server hosting the exploit." On top of that, this exploit can be enabled through browsers as well by clicking on a URL that is connected to the malicious server, and when tested against the common browsers, IE 6/7 and Safari 3 have prevented the attack; unfortunately Firefox users cannot prevent this attack because of the QuickTime plug-in, and that's if users have QuickTime as their default player.

Symantec mentions that its antivirus software will detect the exploit as a Trojan called Quimkids, so for those who use Norton Antivirus, make sure to update your software and scan to see if your computer has this trojan installed. Right now no patch has been made, but I would suspect that there should be one by Tuesday at the latest.

So they still recommend that you "prohibit the RTSP protocol on your networks; disabling QuickTime browser objects; disabling JavaScript where possible; and avoiding untrusted QuickTime files."

Now, how Vista is affected by this is that the security is set up in such a way that Vista doesn't allow buffer overflows to happen; however, Apple programmers failed to enable ASLR addressing, and that is the reason why Vista will become open for malicious hackers and software to get into a computer running Vista. Of course Apple was quick to fire off blame to Microsoft by saying "If programmers are required to code their application differently, then it's not Apple's programmers who are at fault for not using ASLR, but Microsoft for not enforcing and making this feature a default behavior of all applications." So expect some back and forth on this exploit between these two companies until a patch is made and the exploit is resolved.

QUOTE
Users and administrators can count on seeing more exploits of QuickTime and iTunes, Storms said. "Hackers will continue to target cross-platform media applications because it's what most users use on the Web; and there is a greater likelihood that a successful attack on Windows can be easily transformed for Apple. Both iTunes and QuickTime fall into this category and have been favorite haunts for hackers for some time now," he said.

It is also interesting to note that 7.3 just came out recently because of an exploit used in the TIFF files and some Java support problems as well, and with the above quote expect QuickTime to become big in security related news next year. Of course I will keep you updated on this exploit as well.

SOURCES: Article 1, Article 2, Symantec Trojan Info, Trojan Info #2
Reply
rayzoredge
Nov 30 2007, 04:11 PM
So from what I understand, it's the RTSP protocol that allows for this vulnerability to happen? I was always under the impression that media files weren't able to harbor viruses; only archives, executables, and any other non-media file did (most commonly ZIPs, TARs, EXEs, etc.). I know that files can be renamed with extensions, but I didn't think that the scripts would execute because it couldn't be opened... So again, I'm just wondering: is it just because of the way streaming media is interpreted by the RTSP protocol?
Reply
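The bug class quoted in the first post (a stack buffer overflow in handling the RTSP Content-Type header) comes down to copying a header value into a fixed-size buffer without checking its length. The following is an added example, not part of the thread and not QuickTime's code, showing a bounded parser that rejects an over-long value; the function names, the 64-byte limit `CT_MAX` and the sample responses are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define CT_MAX 64 /* assumed limit for this example, not QuickTime's real buffer size */
enum { CT_OK = 0, CT_MISSING = -1, CT_TOO_LONG = -2 };

/* Case-insensitive test: do the first bytes of s (slen bytes long) equal p? */
static int has_prefix_ci(const char *s, size_t slen, const char *p)
{
    for (size_t i = 0; p[i] != '\0'; i++)
        if (i >= slen || tolower((unsigned char)s[i]) != tolower((unsigned char)p[i]))
            return 0;
    return 1;
}

/* Copy the Content-Type value of an RTSP response into out[outsz]; reject what does not fit. */
int rtsp_content_type(const char *resp, char *out, size_t outsz)
{
    const char *line = resp;
    while (*line != '\0') {
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0) break;                        /* blank line ends the headers */
        if (has_prefix_ci(line, len, "Content-Type:")) {
            const char *val = line + 13, *end = line + len;   /* 13 == strlen of the name */
            while (val < end && (*val == ' ' || *val == '\t')) val++;
            if ((size_t)(end - val) >= outsz)       /* the check an unbounded copy lacks */
                return CT_TOO_LONG;                 /* nothing is written to out */
            memcpy(out, val, (size_t)(end - val));
            out[end - val] = '\0';
            return CT_OK;
        }
        if (eol == NULL) break;
        line = eol + 2;
    }
    return CT_MISSING;
}

/* Constructed input: a response whose Content-Type value is n filler bytes. */
int check_value_of_length(size_t n)
{
    char resp[512] = "RTSP/1.0 200 OK\r\nCSeq: 1\r\nContent-Type: ";
    char out[CT_MAX];
    size_t off = strlen(resp);
    if (n > sizeof resp - off - 5) return -3;       /* would not fit the test buffer */
    memset(resp + off, 'x', n);
    memcpy(resp + off + n, "\r\n\r\n", 5);
    return rtsp_content_type(resp, out, sizeof out);
}

int main(void)
{
    printf("63 bytes: %d, 64 bytes: %d\n", check_value_of_length(63), check_value_of_length(64));
    return 0;
}
```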