02 Jan 2007
Apple's QuickTime software has been hit by a buffer overflow bug that could allow malicious code to be run on Windows and Mac PCs.
The vulnerability is triggered by a specially crafted QTL file, which causes a stack-based buffer overflow that allows the execution of arbitrary code.
The problem occurs when an 'src' parameter is created with more than 256 bytes.
"After successful exploitation, control over EIP is gained. This is a simple good-old stack smashing," said the first report of the problem at the Month of Apple Bugs website.
The vulnerability has been successfully exploited in QuickTime version 7.1.3, although previous versions are also expected to be vulnerable.
Security website Secunia warned that the only way for users to protect themselves against the attack is not to open untrusted QTL files.
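Since the only available protection is to avoid untrusted QTL files, a mail or web gateway can triage them before they reach a user. The following is an added example, not code from Apple, Secunia or the original report: it flags any QTL file whose 'src' value exceeds the 256 bytes described above. The function names and the sample files are assumptions constructed for illustration.

```python
import re
import sys

SRC_LIMIT = 256  # threshold reported in the article: src longer than 256 bytes

# Locate the opening quote of every src attribute. A regex is used rather than
# an XML parser so that malformed files are still inspected.
SRC_OPEN_RE = re.compile(rb"""\bsrc\s*=\s*(["'])""", re.IGNORECASE)


def src_values(data: bytes):
    """Yield the raw bytes of each quoted src attribute value in the file."""
    for match in SRC_OPEN_RE.finditer(data):
        start = match.end()
        end = data.find(match.group(1), start)
        # No closing quote: measure to end of file, since the value is unbounded.
        yield data[start:] if end == -1 else data[start:end]


def scan_qtl(data: bytes, limit: int = SRC_LIMIT):
    """Return one finding per src value longer than `limit` bytes."""
    return [
        {"length": len(value), "preview": value[:32].decode("latin-1")}
        for value in src_values(data)
        if len(value) > limit
    ]


# Constructed sample inputs (not taken from any real file).
QTL_HEADER = (b'<?xml version="1.0"?>\n'
              b'<?quicktime type="application/x-quicktime-media-link"?>\n')
BENIGN_QTL = QTL_HEADER + b'<embed src="http://media.example/clip.mov" autoplay="true" />\n'
OVERSIZED_QTL = QTL_HEADER + b'<embed src="http://media.example/' + b"A" * 300 + b'" />\n'

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for finding in scan_qtl(fh.read()):
                print(f"{path}: src is {finding['length']} bytes: {finding['preview']}...")
```

Run it with one or more file paths as arguments; a file that produces any output should be quarantined rather than opened in QuickTime.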