iTWire - Symantec: Second PoC for QuickTime vulnerability

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

Symantec: Second PoC for QuickTime vulnerability

Symantec: Second PoC for QuickTime vulnerability

E-mail

by Stephen Withers
Thursday, 29 November 2007
A second proof-of-concept exploit for the QuickTime RTSP vulnerability has been identified by Symantec's security response team. Featured Whitepaper 5 Best Practices for Smartphone Support The unfortunately named Quimkids Trojan relies on a specially modified RTSP server. It works by using JavaScript to send shell code to the target system while the RTSP server sends a stream that overwrites the QuickTime stack and triggers the stored shell code. Since the attack relies on Internet Explorer, it is specific to Windows XP and Vista. This approach makes it easier to deliver whatever shell code the attacker chooses, but it will not work on an unmodified RTSP server. Symantec has assigned Quimkids its lowest risk level as it has been found on a very small number of sites and is easily contained and removed. Symantec currently recommends sites block RTSP completely unless is it specifically required, disable the QuickTime ActiveX controls in Internet Explorer and the plug-in for Firefox, disable JavaScript (this is a tall order given that even Symantec's web site uses JavaScript), and (as always) users should avoid untrusted QuickTime files. Tags See All Tags Apple Malware Microsoft Open Source Software Stephen Withers Vista Windows Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

progeCAD 2009 Free 2010 Version Upgrades Offer from CADDIT.net

Virtual Computer brings reduced desktop management costs to Australia

NETSUITE ANNOUNCES Q3 09 RESULTS

AVG (AU/NZ) Wins Computer Troubleshooters Vendor of the Year Award for the Second Year

Mobile & Wireless VoIP on the Apple iPhone

AVG (AU/NZ) Growing Fast in an Economy Looking for Security

...Promote your press-releases here

Latest jobs

Assistant Documentation Developer - Macros, Templates
Server Specialist/Team Leader
Database Guru - Sybase / MS Server / SQL DB
Mainframe Customer Support Manager
Network Architect / Team Leader
Senior Performance Tester
Senior SAP FICO Analyst
Test Lead
Murex Analyst Programmer
Technical Consultant

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Business & IT Transformation Roles

Systems Analysts	Business Process Analysts
Test Analysts	Business Analysts
Business Readiness Analysts

Project C

stats for wordpress

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking