The details of the vulnerability were covered in my previous post. In this one I would like to briefly talk about the impact.
Obviously, the vulnerability is very simple. Simple yet effective. However, this is not the type of vulnerability someone can exploit on a massive scale. Here is why.
Attack Vectors
The key element of the attack vector presented in my previous post is the attackers’ ability to point the victim to a file hosted on a NETBIOS share. [...]
In this post I intend to give a brief overview of the QuickTime vulnerability which I partially-disclosed over here. I should have made these details public long time ago but better late than never. The vulnerability has been fixed for several months now and I believe it is safe to talk about it in the public.
Let’s start with an example. The following is the source code of a malicious QuickTime SMIL file:
First of all, we start with the SMIL header (SMILtext). [...]
A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). Other versions are believed to be affected as well. For now, no details will be released regarding the method of exploitation.
Because we are an active security group and because we encounter some very interesting vulnerabilities in our daily work, we often share our findings with the masses in order to give something back to the community. [...]
test your web apps with websecurify application security testing runtime