QuickTime Movie Handling Vulnerability Only Affects Windows Users

Severity: Medium

13 August, 2010

Summary:

  • These vulnerabilities affect: QuickTime 7.6.6 and earlier for Windows (Mac version is unaffected)
  • How an attacker exploits them: By enticing your user into viewing a maliciously crafted movie
  • Impact: An attacker could execute code on your user’s computer, potentially gaining control of it
  • What to do: Download and install QuickTime 7.6.7 for Windows or let Apple’s Software Update tool do it for you at your earliest convenience

Exposure:

Late yesterday, Apple released a security update to fix a single vulnerability in the Windows version of QuickTime, their popular media player. According to Apple, the error logging component in QuickTime suffers from a buffer overflow vulnerability. By luring one of your users into viewing a maliciously crafted movie, an attacker can exploit this buffer overflow to execute code on that user’s computer, with that user’s privileges. Since most Windows users have local administrative privileges, attackers could often leverage this flaw to gain complete control of Windows machines.

Though Apple’s QuickTime update only fixes one security flaw, it is a fairly risky one. If you use QuickTime in your network, we recommend you update it at your earliest convenience.

Solution Path:

Apple has released QuickTime 7.6.7 to fix this security issue. Windows administrators who allow QuickTime in their network should download, test, and deploy the updated version at their earliest convenience. By default, Apple’s download bundles iTunes with QuickTime, but because iTunes often has security issues of its own, we recommend that you select the option of downloading QuickTime alone.

For WatchGuard Users:

You can mitigate the risk of this flaw by blocking .mov files with your WatchGuard appliance. QuickTime is primarily used to play .mov files, which is likely the type of movie file an attacker would leverage to exploit this flaw. You can use the HTTP, SMTP, and FTP proxy on some WatchGuard appliances to block files by their extension. If you want to block QuickTime movie files, the links below contain video instructions showing how to block them by extension (.mov). Keep in mind that this technique also blocks legitimate movies.
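The sketch below illustrates the kind of check an SMTP proxy rule performs when it blocks attachments by extension. It is an added example, not WatchGuard configuration or code from this alert. It goes slightly beyond the .mov extension rule by also flagging parts declared as video/quicktime, which is a choice made for this example; the function name and the sample message are constructed.

```python
from email import message_from_string, policy

BLOCKED_EXTENSIONS = (".mov",)        # extension named in the alert
BLOCKED_TYPES = ("video/quicktime",)  # assumption of this example: also match the declared type


def blocked_attachments(raw_message):
    """Return (filename, content_type, reason) for each part the rule would block."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() decodes RFC 2231 / RFC 2047 encoded names.
        name = (part.get_filename() or "").strip().rstrip(".")
        ctype = part.get_content_type()  # always lower-case
        if name.lower().endswith(BLOCKED_EXTENSIONS):
            hits.append((name, ctype, "extension"))
        elif ctype in BLOCKED_TYPES:
            hits.append((name, ctype, "content-type"))
    return hits


# Constructed sample message (not real traffic).
SAMPLE = """\
From: sender@example.com
To: user@example.com
Subject: clips
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Trailer.MOV"

AAAA
--b1
Content-Type: video/quicktime
Content-Disposition: attachment; filename="clip.bin"

AAAA
--b1--
"""

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

The extension match is case-insensitive, so `Trailer.MOV` is caught; the plain-text body part passes through untouched.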

Status:

Apple has released updates to fix these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP.
