
SANS ISC: Fix for quicktime arbitrary code execution SANS ISC InfoSec Forums

Fix for quicktime arbitrary code execution
Apple has provided a fix for a buffer overflow vulnerability in RTSP URLs. The fix is available for: "QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000".

For Windows users: The patch is only provided for OS X. As a Windows user, your best bet is to uninstall QuickTime and, if you still need it, download the newest version from Apple later. You can find it by clicking the "Quicktime" tab on Apple's home page and following the download links. It's not clear whether the version that is available right now is vulnerable, but it does not appear to have been updated recently.

     Many thanks to Juha-Matti for bringing this up.

Jan 24th 2007
