Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: Apple QuickTime RTSP URL Handler Vulnerability SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple QuickTime RTSP URL Handler Vulnerability

 The Month of the Apple bugs seems to have started. The first bug is in the handling of RTSP URL's within Quicktime, leading to arbitrary code execution on both Windows and Mac OS. You can find the advisory here:  The MOAB blog states that you should disable the rtsp:// URL handler, however I have not determined how this is done.

Update 1:

Robert helped me find something I was missing.  Guess I am just blind today or was just paying a little too much attention to the bowl games.  To disable RTSP URLs in QuickTime, open the QuickTime control panel.  Then, select the File Types tab.  Expand the Streaming category and make sure the RTSP stream descriptor is unchecked.  Here is a screen capture of this from my Windows based computer.  I assume MacOS X computers have a similar control panel.   I recommend that you make sure that this is unchecked. 


189 Posts
ISC Handler
Jan 1st 2007

Sign Up for Free or Log In to start participating in the conversation!