QuickTime and iTunes DoS exploit released
A new buffer overflow vulnerability could crash the most current version of the applications or allow malicious code to run on a compromised computer. No patch is available.
A serious new flaw was disclosed on Thursday that affects the latest versions of Apple's QuickTime and iTunes applications.
The National Vulnerability Database entry CVE-2008-4116 describes a heap-based buffer overflow vulnerability within Apple's QuickTime 7.5.5 and iTunes 8.0 programs.
To exploit the flaw, a maliciously crafted long type attribute within a QuickTime tag might be placed on a Web page, or within a .mp4 or .mov file. This could allow remote attackers to crash the applications (known as a denial of service) or possibly execute arbitrary code on a compromised computer.
The announcement comes one week after
At the moment, there is no recommended workaround or patch available for the vulnerability.
Apple did not reply to a request for comment.