QuickTime 0-Day for Vista and XP
Petko Petkov writes on GNUCitizen:
A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). An attacker could exploit the vulnerability by constructing a specially crafted QuickTime supported media file that allows remote code execution if a user visited a malicious Web site, opened a specially crafted attachment in e-mail or opened a maliciously crafted media file from the desktop.More here.
If a user is logged on with administrative privileges, the attacker could take complete control of an affected system. An attacker could then install malicious programs, view, change, delete sensitive data, or create new accounts with full user rights. Users who are logged on with less privileged account could be less impacted than users who operate with administrative user rights.
The vulnerability was successfully tested in Windows XP SP2 and Windows Vista SP1 environments. Other versions are believed to be exploitable as well. The vulnerability is currently held private. The GNUCITIZEN team is following responsible disclosure practices. Therefore, the vulnerability details will be privately disclosed to the vendor in a short period of time. This advisory is meant to inform the public and raise the consumer’s awareness.
posted by Fergie @ 4/25/2008 02:44:00 PM
0 Comments:
Post a Comment
<< Home