QuickTime ActiveX Control Multiple Vulnerabilities
Written by Rebecca Mints
Tuesday, 19 February 2008 09:17
Apple QuickTime, Apple's streaming media framework, is available for Apple Mac OS X as well as Microsoft Windows. In the Windows version, however, a vulnerability exists in the functionality provided by the ActiveX control. The vulnerability lies in the control's handling of parameters passed through various methods. A denial of service (DoS) occurs when long strings are passed to certain methods: SetBgColor, SetHREF, SetMovieName, SetTarget, SetMatrix. The proof-of-concept and more technical detail for this vulnerability are publicly available. The affected control is installed with Apple Safari as well as Apple iTunes. As of yet, no updates are available, nor has Apple confirmed the issue. The vulnerability can be mitigated by using Microsoft's "kill bit" mechanism with CLSID "02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" to disable the affected control. Normal functionality may be affected.
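
One way to apply and verify the kill bit for the CLSID above, as an added example that is not part of the original advisory. The registry location and the 0x400 flag value are Microsoft's documented kill-bit mechanism; the function names `Get-CompatFlags` and `Set-KillBit` are hypothetical helpers introduced here.

```powershell
# Added example (not from the advisory). Run from an elevated 64-bit PowerShell prompt.
$Clsid    = '{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}'  # CLSID given in the advisory
$KillBit  = 0x00000400                                 # kill-bit value in "Compatibility Flags"
$FlagName = 'Compatibility Flags'

# Native registry view, plus the 32-bit view that 32-bit Internet Explorer reads
# on 64-bit Windows.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

# Hypothetical helper: return the current flags DWORD for a key, or 0 if unset.
function Get-CompatFlags {
    param([string]$Key)
    $prop = Get-ItemProperty -Path $Key -Name $FlagName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.$FlagName
}

# Hypothetical helper: set the kill bit under one root and report the result.
function Set-KillBit {
    param([string]$Root)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # OR the bit in so any other compatibility flags already present are preserved.
    $new = (Get-CompatFlags $key) -bor $KillBit
    New-ItemProperty -Path $key -Name $FlagName -Value $new -PropertyType DWord -Force | Out-Null
    # Read the value back and confirm the bit is actually set.
    $ok = ((Get-CompatFlags $key) -band $KillBit) -eq $KillBit
    [pscustomobject]@{ Key = $key; Flags = ('0x{0:X8}' -f $new); KillBitSet = $ok }
}

$Roots | ForEach-Object { Set-KillBit $_ } | Format-Table -AutoSize
```

Restart Internet Explorer after applying the change. Clearing the 0x400 bit from the same value re-enables the control once a fixed version is installed.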