AfterDawn > News > QuickTime suffers another RTSP flaw

QuickTime suffers another RTSP flaw

Written by James Delahunty @ 11 Jan 2008 18:34 User comments (2)

QuickTime suffers another RTSP flaw Yet another security flaw in how Apple's QuickTime software handles the Real Time Streaming Protocol (RTSP) has been revealed. If exploited by a malicious user, it is possible to run arbitrary code on a victim's computer. This flaw affects fully patched QuickTime version 7.3.1, running on Windows and possibly Mac OS X. It bares some resemblance to the QuickTime RTSP flaw reported in December.
Discovery of the latest flaw is credited to Luigi Auriemma, who has posted a concept exploit on his site. "For exploiting this vulnerability is only needed that an user follows a rtsp:// link, if the port 554 of the server is closed QuickTime will automatically change the transport and will try the HTTP protocol on port 80, the 404 error message of the server (other error numbers are valid too) will be visualized in the LCD-like screen," Auriemma wrote.

Source:
News.com

More news

<CES 2008: HP's MediaSmart Receiver connects HDTVs wirelessly to network >Hauppauge shows its 'HD PVR'
Previous Next

Related news

Write a comment

2 user comments

111.1.2008 21:17
tatsh
Visit user's personal pageSend private message to this user
Member

glad I use Linux :)
ffmpeg and VLC both render QuickTime fine it seems, even RTSP in Firefox with mozplugger/mplayer.

223.1.2008 17:04
borhan9
Visit user's personal pageSend private message to this user
AfterDawn Addict

I may really need to update my quicktime and itunes software.

Comment this article

If you do not have an AfterDawn.com account yet, please enter your nickname and email address below. An activation link will be emailed to you.

If you already have an AfterDawn.com account, please login using the next tab.

Login by using your Afterdawn.com -username or your email address.

Bold Italics Red color Quote Code Add image Add URL




Latest news

Latest untethered jailbreak released for iOS 5.1.1 Latest untethered jailbreak released for iOS 5.1.1 (26 May 2012 18:15)
The Chronic Dev Team has released the latest version of their untethered jailbreak for iOS devices running 5.1.1. Says the blog post: "After copious amounts of work and many sleepless nights, ....
Siri blocked from use on IBM internal networks Siri blocked from use on IBM internal networks (26 May 2012 18:08)
IBM has understandably blocked the voice-activated digital assistant from its work networks. As 'Big Blue' confirms, Siri has been blocked due to the fact that Siri sends everything you ever ....
Cisco kills off development of 'Cius' tablet Cisco kills off development of 'Cius' tablet (26 May 2012 18:00)
Cisco has decided to pull the plug on its failed Cius tablet. The Cius, which was released in 2010 and aimed at enterprise customers, had a focus on business video conferencing and specifically ....
Galaxy S III to hit U.S. and Canada on June 20th? Galaxy S III to hit U.S. and Canada on June 20th? (26 May 2012 17:54)
Although Samsung unveiled the flagship device earlier this month, there has yet to be a set timetable for its release outside of Europe. Today, the Verge is reporting that the device will ....
5000 books return to Kindle Store after dispute ends 5000 books return to Kindle Store after dispute ends (26 May 2012 17:50)
Thanks to a contract negotiation dispute between Amazon and the Independent Publishers Group, the giant e-tailer pulled 5000 titles from the Kindle Store back in February. As of today, however, ....

Latest user comments

News archive

Subscribe to AfterDawn's weekly newsletter.

Popular products:

Hot forum topics right now:

More information:

© 1999-2012 AfterDawn Oy rev4882

For information about advertising on AfterDawn.com, please contact our media sales team.