Published: 2010-08-30,
Last Updated: 2010-08-30 23:24:53 UTC
by Adrien de Beaupre (Version: 1)
3 comment(s)

A vulnerability/backdoor in Apple QuickTime has been announced, and we are keeping an eye on it.

Cheers,
Adrien de Beaupré
EWA-Canada.com

Comments

Could this be mitigated with SlayOCX? If so, what is the CLSID?
posted by ComputerX, Tue Aug 31 2010, 21:57
- http://www.symantec.com/security_response/threatconlearn.jsp
Aug. 31, 2010 - "... Users may wish to disable the QuickTime plugin until a patch is available; this can be achieved by setting the killbit for the affected control (02BF25D5-8C17-4B23-BC80-D3488ABDDC6B) -or- renaming the plugin (QTPlugin.OCX)..."

- http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/
30 August 2010 - "... exploit... works only against those who have Microsoft's Windows Live Messenger installed..."
posted by PC.Tech, Wed Sep 01 2010, 19:35
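The kill-bit mitigation quoted from Symantec above, worked through as an added example (this is not code from the diary, from the commenters, or from any vendor). It assumes Microsoft's documented kill-bit mechanism: a `Compatibility Flags` REG_DWORD with bit 0x400 set under `HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}` stops Internet Explorer from instantiating that control. The CLSID is the one quoted in the comment; the `--apply` switch, the dry-run default, and writing to both registry views on 64-bit Windows are this example's own design choices.

```python
import re
import sys

# Bit in "Compatibility Flags" that blocks the control in Internet Explorer (the kill bit).
KILLBIT_FLAG = 0x00000400
COMPAT_SUBKEY = r"SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
# CLSID quoted from the Symantec advisory in the comment above.
QUICKTIME_CLSID = "02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"

_CLSID_RE = re.compile(r"^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$")


def normalize_clsid(clsid):
    """Accept a CLSID with or without braces, in any case; return the canonical upper-case form."""
    core = clsid.strip().strip("{}").upper()
    if not _CLSID_RE.match(core):
        raise ValueError("malformed CLSID: %r" % clsid)
    return core


def killbit_key_path(clsid):
    """Registry subkey (under HKLM) holding the control's Compatibility Flags value."""
    return r"%s\{%s}" % (COMPAT_SUBKEY, normalize_clsid(clsid))


def flags_with_killbit(existing_flags):
    """Merge the kill bit into whatever flags are already present, keeping the other bits."""
    return existing_flags | KILLBIT_FLAG


def killbit_is_set(flags):
    return bool(flags & KILLBIT_FLAG)


def set_killbit(clsid, apply=False):
    """Plan (and, on Windows with apply=True, write) the kill bit for one CLSID.

    Writes to both registry views on 64-bit Windows because 32-bit Internet Explorer
    reads the Wow6432Node mirror. Returns a list of (view, path, new_flags) actions."""
    path = killbit_key_path(clsid)
    if not apply:
        return [("plan", path, flags_with_killbit(0))]
    if sys.platform != "win32":
        raise RuntimeError("kill bits can only be written on Windows")
    import winreg  # Windows-only module; imported lazily so the dry run works anywhere
    actions = []
    views = (("64-bit", winreg.KEY_WOW64_64KEY), ("32-bit", winreg.KEY_WOW64_32KEY))
    for view_name, view in views:
        key = winreg.CreateKeyEx(winreg.HKEY_LOCAL_MACHINE, path, 0,
                                 winreg.KEY_READ | winreg.KEY_WRITE | view)
        try:
            try:
                existing, _ = winreg.QueryValueEx(key, "Compatibility Flags")
            except FileNotFoundError:
                existing = 0
            new_flags = flags_with_killbit(existing)
            winreg.SetValueEx(key, "Compatibility Flags", 0, winreg.REG_DWORD, new_flags)
            actions.append((view_name, path, new_flags))
        finally:
            key.Close()
    return actions


if __name__ == "__main__":
    do_apply = "--apply" in sys.argv
    for view, path, flags in set_killbit(QUICKTIME_CLSID, apply=do_apply):
        print("%s: HKLM\\%s  Compatibility Flags = 0x%08X" % (view, path, flags))
```

Run without arguments to see the key and value that would be written; `--apply` performs the write and needs an elevated prompt. Existing bits are preserved rather than overwritten so that any other compatibility flags already set for the control survive.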
From the above-mentioned Register article:

"While the exploit posted by Santamarta works only against those who have Microsoft's Windows Live Messenger installed, the researcher told The Reg that components that ship by default with QuickTime can be used to pull off the same ROP sleight of hand. Files called QuickTimeAuthoring.qtx and QuickTime.qts are two possibilities."

"Indeed, programmers with the open-source Metasploit project used by penetration testers and other hackers are in the process of building an attack module that does just that."

The exploit posted by Santamarta uses Windows Live Messenger because its DLLs don't use ASLR and DEP so the exploit has an easier time. But the underlying vulnerability and the approach used by Santamarta can take advantage of any DLL that doesn't use ASLR and DEP, and there are a lot of them on the typical system.
posted by Anonymous, Thu Sep 02 2010, 13:23
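The comment above points out that the exploit leans on DLLs that opt out of ASLR and DEP. A defender can audit which modules on a system opt in by reading the `DllCharacteristics` field of the PE optional header. The following is an added example written for this page (not the commenter's code and not a Microsoft tool); the flag constants and header offsets come from the PE/COFF specification, and the sample images are constructed header-only stubs, not real DLLs. Two caveats a practitioner should keep in mind: the flags only say what the image asks for, not what the running OS grants (Windows XP, current for many users in 2010, applies no ASLR at all, and DEP depends on the system-wide policy), and this audits files on disk rather than the modules actually mapped into a process.

```python
import struct
import sys

# DllCharacteristics bits from the PE/COFF specification.
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image may be rebased at load time (ASLR opt-in)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # image declares DEP/NX compatibility
# COFF Characteristics bit: relocations stripped, so the loader cannot move the image even with DYNAMIC_BASE.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DLLCHAR_OFFSET = 70  # DllCharacteristics sits at the same offset in PE32 and PE32+ optional headers


def parse_pe_flags(data):
    """Return (coff_characteristics, dll_characteristics) from raw PE header bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    (coff_chars,) = struct.unpack_from("<H", data, coff + 18)
    opt = coff + 20
    if size_of_optional < DLLCHAR_OFFSET + 2:
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (dll_chars,) = struct.unpack_from("<H", data, opt + DLLCHAR_OFFSET)
    return coff_chars, dll_chars


def mitigation_status(data):
    """Report whether the image opts into ASLR and DEP (ASLR also needs relocations present)."""
    coff_chars, dll_chars = parse_pe_flags(data)
    wants_aslr = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(coff_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "aslr": wants_aslr and not relocs_stripped,
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def build_sample_image(dll_chars, coff_chars=0, pe32plus=False):
    """Constructed minimal header-only PE image for demonstration (not a real DLL)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew: NT headers follow the DOS header
    nt = bytearray(4 + 20 + 96)                       # signature + COFF header + optional header
    nt[0:4] = b"PE\0\0"
    struct.pack_into("<H", nt, 4 + 16, 96)            # SizeOfOptionalHeader
    struct.pack_into("<H", nt, 4 + 18, coff_chars)    # COFF Characteristics
    opt = 24
    struct.pack_into("<H", nt, opt, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", nt, opt + DLLCHAR_OFFSET, dll_chars)
    return bytes(dos + nt)


def audit_paths(paths):
    """Read each file's headers and list those lacking ASLR or DEP opt-in (or unparseable)."""
    findings = []
    for path in paths:
        with open(path, "rb") as fh:
            head = fh.read(0x10000)  # the NT headers of a real image sit well within the first 64 KiB
        try:
            status = mitigation_status(head)
        except ValueError as exc:
            findings.append((path, "unparseable: %s" % exc))
            continue
        missing = [name.upper() for name, ok in status.items() if not ok]
        if missing:
            findings.append((path, "missing " + ", ".join(missing)))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, note in audit_paths(sys.argv[1:]):   # e.g. python audit.py C:\path\to\*.dll
            print(path, note)
    else:
        hardened = build_sample_image(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT)
        legacy = build_sample_image(0)
        print("hardened sample:", mitigation_status(hardened))
        print("legacy sample:  ", mitigation_status(legacy))
```

Point it at the DLL directories of the applications in question to get a list of modules that would load at a fixed address or without NX; on a real machine the same check over the modules a browser process has actually loaded is the more useful inventory.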