More security flaws discovered in the application

Mar 6, 2007 10:44 GMT

QuickTime, developed by Apple and available on multiple platforms including Mac, Linux and Windows, is regarded as one of the most popular multimedia players on the market. Although some users might think that a multimedia player is completely secure, Apple has released a security advisory announcing 8 vulnerabilities in the QuickTime player. All the security flaws were confirmed in older versions of the application and concern the Windows, Linux and Mac platforms.

"An integer overflow exists in QuickTime's handling of 3GP video files. By enticing a user to open a malicious movie, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of 3GP video files. This issue does not affect Mac OS X. Credit to JJ Reyes for reporting this issue," Apple stated in the first security advisory for Windows 2000, XP and Vista.

"A heap buffer overflow exists in QuickTime's handling of MIDI files. By enticing a user to open a malicious MIDI file, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of MIDI files. Credit to Mike Price of McAfee AVERT Labs for reporting this issue," the company added.

Exploitation of the issue is quite simple: the attacker creates a malicious 3GP file and distributes it via email, file-sharing applications or other file distribution channels. Once the user opens the movie, the computer can be controlled by the attacker over a simple remote connection.
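
The advisory does not say which 3GP field overflowed, so the following added example (not Apple's fix and not code from the advisory) only illustrates the kind of "additional validation" such a parser needs: box sizes checked against the bytes actually present, and a table size computed without 32-bit wrap-around. The function names, the sample bytes and the `limit` parameter are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed samples: two well-formed boxes, then a box whose size field lies. */
const uint8_t SAMPLE_OK[]  = {0,0,0,8,'f','t','y','p', 0,0,0,12,'f','r','e','e',1,2,3,4};
const uint8_t SAMPLE_BAD[] = {0,0,0,8,'f','t','y','p', 0xFF,0xFF,0xFF,0xF0,'m','d','a','t'};

/* Box fields in 3GP (ISO base media) files are big-endian. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk top-level boxes in buf[0..len); return their count, or -1 if a
 * declared size disagrees with the bytes actually present. */
int count_boxes(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int n = 0;
    while (off < len) {
        size_t remaining = len - off;      /* off < len, so no underflow */
        uint64_t size;
        size_t hdr = 8;
        if (remaining < 8) return -1;      /* truncated header */
        size = be32(buf + off);
        if (size == 1) {                   /* 64-bit largesize follows the type */
            if (remaining < 16) return -1;
            size = ((uint64_t)be32(buf + off + 8) << 32) | be32(buf + off + 12);
            hdr = 16;
        } else if (size == 0) {            /* box runs to end of data */
            size = remaining;
        }
        /* Compare with what is left; off + size could wrap for a hostile size. */
        if (size < hdr || size > remaining) return -1;
        off += (size_t)size;
        n++;
    }
    return n;
}

/* Unchecked: the 32-bit product wraps, so a huge count yields a tiny byte count. */
uint32_t naive_table_bytes(uint32_t count, uint32_t elem) { return count * elem; }

/* Checked: returns count * elem, or 0 if the product would exceed limit
 * (a zero-length table is likewise treated as nothing to allocate). */
size_t table_bytes(uint32_t count, uint32_t elem, size_t limit) {
    if (elem == 0 || count > limit / elem) return 0;
    return (size_t)count * elem;
}

int main(void) { return count_boxes(SAMPLE_OK, sizeof SAMPLE_OK) == 2 ? 0 : 1; }
```

With the unchecked version, a count of 0x40000001 four-byte entries produces a 4-byte allocation request, which is how an integer overflow turns into the heap overflow and crash the advisory describes.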

The only solution presented by Apple is to update to the latest version of the application, currently 7.1.5. If you want to install the latest version of QuickTime for Windows, you can download it from Softpedia.