25 Apr 2007, Shaun Nichols, V3
A QuickTime vulnerability unearthed last Friday at the CanSecWest conference also affects Microsoft's Internet Explorer browser, vnunet.com has learned.
The attack was originally demonstrated on a system running Apple's Safari browser. It was found to affect Firefox on both Windows and Mac OS X systems.
However, Terri Forslof, security response manager at Tipping Point, told vnunet.com that by adjusting the target address of the exploit, the company's DV Labs was able to execute the exploit in both Internet Explorer 6 and 7.
"This is going to affect all Java-enabled browsers," said Forslof.
Tipping Point acquired the details of the vulnerability as part of a $10,000 hacking challenge.
The original vulnerability discovery and exploit development were credited to independent researcher Dino Dai Zovi.
The exploit was written for a hacking contest at the conference in which researchers were challenged to break into a fully patched MacBook Pro system.
Forslof said that the vulnerability can be mitigated by disabling Java within the browser or by deleting the QTJava.jar file.
A spokesperson for Microsoft told vnunet.com that the company has not found any specific flaws in Internet Explorer that allow for the attack. Microsoft suggests that users look to Apple for a fix.
Microsoft Scam Backfires
So Microsoft's little scam to show OS-X is vulnerable failed and its flaw found in Safari is in every other Java-enabled browser including Explorer. Just rewards for sponsoring this sham that it should come home as yet another Windows exploit. Who will notice when there are hundreds of thousands of exploits? Clearly Microsoft is going to pretend it doesn't affect them and hope all the focus remains on Apple. When you shovel shit you better be prepared to wear some yourselves Microsoft!
Posted by Mandy Underwood, 25 Apr 2007