A new security vulnerability has been reported in QuickTime 7.3.1 for Windows, which reportedly allows an attacker to take control of remote PCs. The flaw was detected by an Italian security expert who posted proof-of-concept code for the exploit online.
The researcher, Luigi Auriemma, notes that the flaw is a buffer overflow bug that enables an attacker to send malicious code when QuickTime attempts to access a Real-Time Streaming Protocol (RTSP) link and port 554 on the server is closed. The software then falls back to HTTP on port 80, triggering an error message that causes the buffer overflow.
The existence of the flaw has been further backed by Alfred Huger, the VP of development at Symantec Security Response. Huger notes that in testing, the proof-of-concept code only managed to crash the product; however, “it’s a safe assumption that if you can do that you may be able to execute remote code,” he says. “It’s very serious.”
The new vulnerability affects a fully patched QuickTime version 7.3.1 running on Windows, and possibly on Mac OS X.
At the time of writing, there have been no reports of a possible patch for the flaw.