|01 Sep 2010||#1|
| || |
Old QuickTime flaw exposes IE
A zero-day vulnerability in Apple QuickTime that could allow a remote attacker to take over a computer running Internet Explorer has been reported by security researchers.
The flaw bypasses two commonly used security measures on Windows systems: address space layout randomisation (ASLR) and data execution prevention (DEP), according to Ruben Santamarta, a researcher for Spanish security company Wintercore. "The exploit defeats ASLR+DEP and has been successfully tested on [Windows 7], Vista and XP," said Santamarta in security advisory on Monday.
Santamarta said that Windows 7, Vista and XP machines using IE are vulnerable if the user visits a malicious website. Apple QuickTime 7.x and 6.x code can be exploited through the browser and is vulnerable to an exploit that uses a heap-spraying technique, said the researcher. Heap spraying is a technique which tries to put bytes into the memory of a target process.
|My System Specs|
|Similar help and support threads for2: Old QuickTime flaw exposes IE|
|Security hole exposes Twitter accounts to hacking||Security News|
|Flashback malware exposes big gaps in Apple security response||Security News|
|Doctor Web exposes 550,000 strong Mac botnet||Security News|
|MS SharePoint bug exposes credentials, sensitive data.||Security News|
|Security gone awry: IE 8 XSS filter exposes sites......||Security News|
|MSFT exposes Firefox users to drive-by malware download||System Security|
|Kaspersky breach exposes sensitive database, hacker claims||System Security|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 05:37 PM.