SonicWALL Provides Protection Against Exploits of Apple QuickTime Zero-Day Vulnerability
A zero-day stack-based buffer overflow vulnerability in QuickTime, an audio/video application developed by Apple Computer, is currently being exploited by a malicious web site claiming to host a legitimate QuickTime movie. Using a newly published proof-of-concept exploit code, control of the visitor's machine can be taken over.
The problem lies within the 'Content-Type' header field sent by the server, which is not properly checked by the visitor's QuickTime application. When the length of the 'Content-Type' field exceeds a certain length, a Buffer Overflow condition occurs. By carefully constructing the string sent to the application, the malicious server can obtain user privileges on the visitor's machine.
Both Windows and Mac OS users are vulnerable to this exploit since Apple's QuickTime media player can be used on both PCs and Macintoshes.
Apple iTunes installations are also affected by this vulnerability because QuickTime is a component of iTunes.
Users of SonicWALL's dynamic threat prevention services are currently protected by the following signatures:
IPS
1875 Apple QuickTime RTSP Content-Type Header BO Attempt 1
1936 Apple QuickTime RTSP Content-Type Header BO Attempt 2
1937 Apple QuickTime RTSP Content-Type Header BO Attempt 3
GAV
Quimkit#mov
VML.G
SonicWALL has developed unique technologies to deliver gateway anti-virus, anti-spyware and intrusion prevention signatures to its subscribers on a continual basis, allowing them to protect against exploits of zero-day vulnerabilities as well as attacks and threats such as phishing, viruses, DHA or DoS attacks and more.
Further information on this and other vulnerabilities is available at: https://www.mysonicwall.com/SonicAlert/index.asp
For more information, visit:
http://www.sonicwall.com
| 
| 
| 
| 
| 
| 
| 
|
|
|
|
| |