We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,812 News Articles

Vista & XP users open to new QuickTime flaw

Vulnerability affects Windows Vista SP1 & XP SP2

GNUCitizen claims to have found a vulnerability in Apple's QuickTime multimedia player that can be exploited remotely to compromise Windows Vista PCs upgraded to Service Pack 1 (SP1), as well as XP SP2.

From the scant details published on GNUCitizen's blog, the exploit involves a maliciously crafted media file. When a user opens the file, which can be hosted on a website, the vulnerability in QuickTime allows the hacker to take complete control of the machine, according to Petko D. Petkov, known to the hacking community as 'pdp'.

Petkov doesn't think users are in danger of being attacked as of yet.

"I highly doubt that anyone knows how to exploit this vulnerability," Petkov said. "I haven't shared the details with anyone, and the actual vulnerability is different enough to be rather challenging for even some of the most gifted hackers out there."

In a video with a thumping techno beat, Petkov shows a QuickTime file sitting on the desktop of a PC running XP SP2. If a user opens the malicious file, Petkov then has control of the PC, demonstrated by the way the applications Paint, Calculator and Notepad are seen launching, apparently without further user intervention. The demonstration is repeated on a PC running Windows Vista inside a virtual machine.

Attacking vulnerabilities in applications is becoming increasingly favoured by hackers, as finding problems in operating systems becomes increasingly harder, said Alan Paller, director of research for the SANS Institute, last week at the Infosec conference in London.

Petkov said on Monday that he has notified Apple of the problem.

The company did not respond to a request for comment.

QuickTime has proved to be one of the more porous applications. Apple, which doesn't have a regular patching schedule like Microsoft, patched the application for at least the sixth time earlier this month, fixing 11 vulnerabilities.

Related articles:

Quicktime hacker finds Adobe PDF exploit

Windows Vista SP1 review

Visit Security Advisor for the latest internet threat news, and internet security product reviews

Visit PC Advisor's Microsoft spotlight for the latest Microsoft news and opinion

Latest Windows Vista news - click here


IDG UK Sites

iPhone 6 release date, price, specs and new features: Invite confirms 9 September launch

IDG UK Sites

Nostalgia time: Top 10 best selling mobile phones in history

IDG UK Sites

How Ford designs next-generation cars at its Melbourne Design Centre

IDG UK Sites

iPhone 6 release date, rumours, video, UK price & images: iPhone launch event confirmed for 9...