Zero-Day Vulnerability Reported in Apple's QuickTime for Windows ... - InformationWeek

GNUCitizen, a computing machine security consultancy, on Friday in Apple's QuickTime mass media participant for Windows XP and Windows Vista.

"A distant exposure bes in the QuickTime participant for Windows XP and View (latest service packs)," said company laminitis Petko D. Petkov in a blog post. "An aggressor could work the exposure by constructing a specially crafted QuickTime supported mass mass media register that lets distant codification executing if a user visited a malicious Web site, opened a specially crafted fond regard in e-mail, Oregon opened a maliciously crafted media register from the desktop."

Petkov said that if the malicious data file was opened by logged-in user with administrative privileges, the aggressor could take control of the affected system.

"The exposure was successfully tested in Windows XP SP2 and Windows View SP1 environments," Petkov said, adding that other versions of QuickTime are believed to be exploitable too.

Petkov said that in keeping with responsible revelation practices, his grouping will do the privately held exposure known to Apple. He did not state whether inside information of the onslaught would be made public after Apple have had a opportunity to piece the vulnerability.

GNU Citizen have posted a demonstrating that onslaught on its Web site.

Earlier this month, Apple released QuickTime 7.4.5, which contained .

In January, Italian security research worker Luigi Auriemma posted a proof-of-concept work for a zero-day exposure in what was then the most current version of Apple's QuickTime mass media software system (7.3.1).