Wednesday, September 1, 2010

Vulnerability In Apple QuickTime ActiveX Component

A vulnerability has been found in the QTPlugin.ocx ActiveX component of Apple QuickTime. It may allow arbitrary code execution on vulnerable installations of Apple QuickTime, and it can be exploited by luring a user to visit a malicious site or open a malicious file.

Apple QuickTime 7.x and 6.x series are vulnerable (including versions released in 2004; older ones were not checked) on Windows XP, Windows Vista and Windows 7 when Internet Explorer is in use. No patch is available at the moment, but the vulnerable control can be blocked by setting a kill bit on CLSID {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} or by renaming the QTPlugin.ocx file.

More information:
http://www.securityfocus.com/archive/1/513444
http://www.exploit-db.com/exploits/14843/
http://www.techworld.com.au/article/358857/old_apple_quicktime_code_puts_ie_users_harm_way
