ky331
7 Gold

Now PATCHED: QuickTime Player Streaming Debug Error Logging Buffer Overflow

The following has been copied/pasted from http://secunia.com/advisories/40729/

Description
Krystian Kloskowski has discovered a [highly critical] vulnerability in QuickTime Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in QuickTimeStreaming.qtx when constructing a string to write to a debug log file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into viewing a specially crafted web page that references a SMIL file containing an overly long URL.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 7.6.6 (1671) for Windows. Other versions may also be affected.

[NO] Solution
A patch or updated version is not currently available.

EDIT:   By virtue of this QuickTime vulnerability, Secunia is now reporting all my browsers (IE, FF, Opera) as being insecure.

 

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
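
The kind of boundary error the advisory describes (an overly long URL formatted into a fixed-size buffer for a debug log line) next to a bounded version, as an added C example that is not part of the original post and not QuickTime's code. The function names, log format and buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 256 /* assumed size of the fixed log-line buffer */

/* Unsafe pattern, shown only as a comment for contrast: sprintf() writes
 * as many bytes as the URL needs, whatever the destination size is.
 *
 *     char line[LOG_LINE_MAX];
 *     sprintf(line, "stream error: url=%s", url);
 */

/* Bounded version (hypothetical helper): never writes more than dst_len
 * bytes and tells the caller when the URL did not fit.
 * Returns 0 on success, 1 if truncated, -1 on bad arguments or error. */
int format_log_line(char *dst, size_t dst_len, const char *url)
{
    if (dst == NULL || dst_len == 0 || url == NULL)
        return -1;
    int n = snprintf(dst, dst_len, "stream error: url=%s", url);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    if ((size_t)n >= dst_len) {
        /* Make the truncation visible in the log line itself. */
        if (dst_len >= 4)
            memcpy(dst + dst_len - 4, "...", 4);
        return 1;
    }
    return 0;
}

/* Constructed input: a 1000-character URL, far larger than the buffer. */
int demo_long_url(void)
{
    char url[1001];
    char line[LOG_LINE_MAX];
    memset(url, 'A', sizeof url - 1);
    url[sizeof url - 1] = '\0';
    return format_log_line(line, sizeof line, url);
}

int main(void)
{
    printf("long URL result: %d\n", demo_long_url());
    return 0;
}
```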
1 Solution

Accepted Solutions
ky331
7 Gold

Re: UNPATCHED: QuickTime Player Streaming Debug Error Logging Buffer Overflow

QuickTime 7.6.7 has now been released http://www.apple.com/quicktime/download/ ;

and Secunia's PSI has removed this vulnerability from its list of (In)Secure Browsing.

 


6 Replies
joe53
6 Gallium

Re: UNPATCHED: QuickTime Player Streaming Debug Error Logging Buffer Overflow

Those using iTunes should know that QuickTime is included and necessary for its proper function, and is integrated into your browser(s). I could find no way to disable it. Thus all my browsers are also at high risk, according to Secunia PSI.

Those using a standalone QuickTime Player should consider uninstalling it in Control Panel/Add or Remove Programs, and re-installing when a patch is released. My understanding, from previous similar advisories, is that merely switching to another media player as default will not mitigate this vulnerability if you surf to a malicious website.

Otherwise, as they say, "avoid visiting untrusted websites".

As for me, I'm surfing in Sandboxie 'til this is fixed.

_________________________________________


Dell Forum Member since 2,000


 Use OpenDNS   MalwareBytes' Anti-Malware Free


Windows 10 Pro (64- Bit): Malwarebytes 4.x Premium, Windows Defender AV, Windows Firewall, WinPatrol PLUS, Emsisoft Emergency Kit Free and HitmanPro Free (on-demand scanners), OpenDNS, MVPS Hosts file, SpywareBlaster, Pale Moon web browser, Sandboxie, CCleaner Free.


"In the future, everyone will be anonymous for 15 minutes" - Banksy

0 Kudos
Annie70
5 Rhenium

Re: UNPATCHED: QuickTime Player Streaming Debug Error Logging Buffer Overflow

Joe53, What is Sandboxie?

Forum Member Since 2001

0 Kudos
joe53
6 Gallium

Re: UNPATCHED: QuickTime Player Streaming Debug Error Logging Buffer Overflow

Joe53, What is Sandboxie?

Annie:

Sandboxie is a 3rd party program that allows you to run just about any Windows program in a virtual environment (a "sandbox") that allows it to read all your computer files but not to make any changes to your computer files or registry. It is like running a program in a quarantined environment, that prevents malware from infecting your PC.

In the context of running a browser sandboxed, it will prevent any drive-by malware from a malicious website from infecting your computer. And as even trusted websites are increasingly being hacked these days, it's not a bad way to surf. I've been using it for 'read-only' web-surfing for several months now without any problems.

A good brief review is here:
http://esecurityplanet.com/features/article.php/3842331/Sandboxie-Blocking-Web-Based-Malware-From-Yo...

A good 3 part video review by Matt Rizos on its use is here:
http://www.youtube.com/mrizos#p/u/63/GueXMq-Vyi8

A full one-time paid lifetime version (with a 30 day free trial) is available, which reverts to a limited but still functional free version thereafter if not purchased.
http://www.sandboxie.com/

 


0 Kudos
ky331
7 Gold

Re: UNPATCHED: QuickTime Player Streaming Debug Error Logging Buffer Overflow

Not sure if this is the same, or another, vulnerability in QuickTime 7.6.6

QuickTime Player Allows Movie Files to Trigger Malware Download

Quicktime Player (version 7.6.6) allows movie files to trigger download of files, and cybercriminals are using this to download malware from malicious websites.

Trend Micro Threat Research Engineer Benson Sy encountered two .MOV files (001 Dvdrip Salt.mov, salt dvdrpi [btjunkie][xtrancex].mov) that both used the recent movie, Salt of Angelina Jolie. It looks suspicious enough because of its relatively small size compared to regular movie files.

When the movie files are loaded to Quicktime player, it doesn’t show any live action scenes but leads users to download malware pretending to be either an update codec or another player installation. It is still under investigation whether the malware is using vulnerability or a known functionality to download the malware.

continued at http://blog.trendmicro.com/quicktime-player-allows-movie-files-to-trigger-malware-download/#ixzz0vC6...


0 Kudos
Lou.Kershaw
2 Bronze

Re: Now PATCHED: QuickTime Player Streaming Debug Error Logging Buffer Overflow

Not sure if this is the same, or another, vulnerability in QuickTime 7.6.6

QuickTime Player Allows Movie Files to Trigger Malware Download

Quicktime Player (version 7.6.6) allows movie files to trigger download of files, and cybercriminals are using this to download malware from malicious websites.

Trend Micro Threat Research Engineer Benson Sy encountered two .MOV files (001 Dvdrip Salt.mov, salt dvdrpi [btjunkie][xtrancex].mov) that both used the recent movie, Salt of Angelina Jolie. It looks suspicious enough because of its relatively small size compared to regular movie files.

When the movie files are loaded to Quicktime player, it doesn’t show any live action scenes but leads users to download malware pretending to be either an update codec or another player installation. It is still under investigation whether the malware is using vulnerability or a known functionality to download the malware.

continued at http://blog.trendmicro.com/quicktime-player-allows-movie-files-to-trigger-malware-download/#ixzz0vC6...


Is the link expired? The link cannot be opened.
0 Kudos