When I went to the http://www.seidio.com web site, my spyware program from Symantec indicated the following attack was launched against my computer (information is from Symantec's website - HTTP Quicktime RTSP URI BO):
HTTP Quicktime RTSP URI BO
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects attempts to exploit a vulnerability in Apple QuickTime that allows an attacker to execute arbitrary code.
Additional Information
Apple QuickTime is prone to a remote buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input prior to copying it to an insufficiently sized stack-based memory buffer.
Specifically, URIs with the 'RTSP' scheme containing specifically formatted excessive data will result in a memory buffer being overrun with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.
Attackers exploit this issue by coercing targeted users to access malicious HTML or QTL files, or by executing malicious JavaScript code. Any of these methods allow attackers to launch an excessively long RTSP URI, triggering the issue.
QuickTime version 7.1.3 is vulnerable to this issue; other versions may also be affected.
Affected:
Apple QuickTime Player 7.1.3
Response
Update to the latest version of Quicktime and ensure that all patches are applied.
Possible False Positives
There are no known false positives associated with this signature.
Additional References
CVE-2007-0015
MOAB-01-01-2007: Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow
Apple QuickTime Homepage
SecurityFocus BID: 21829
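
The missing bounds check the advisory describes, shown as an added illustration that is not part of the original post, Symantec's write-up, or QuickTime's code. The function name `copy_rtsp_uri`, the status codes and the 256-byte buffer size are assumptions made for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define URI_BUF_SIZE 256 /* assumed buffer size, constructed for this example */

enum uri_status { URI_OK = 0, URI_BAD_ARG, URI_BAD_SCHEME, URI_TOO_LONG };

/* Unsafe pattern from the advisory: the amount copied is decided by the
 * attacker-supplied string, not by the size of the stack buffer.
 *     char buf[URI_BUF_SIZE];
 *     strcpy(buf, uri);
 */

/* Hardened copy: check the scheme, measure the input without reading past
 * dst_size bytes, and reject (never truncate) anything that does not fit. */
enum uri_status copy_rtsp_uri(const char *uri, char *dst, size_t dst_size)
{
    static const char scheme[] = "rtsp://";
    size_t i, len = 0;

    if (uri == NULL || dst == NULL || dst_size == 0)
        return URI_BAD_ARG;
    dst[0] = '\0';                      /* caller never sees stale data */

    for (i = 0; scheme[i] != '\0'; i++) /* stops at the first mismatch or NUL */
        if (tolower((unsigned char)uri[i]) != scheme[i])
            return URI_BAD_SCHEME;

    while (len < dst_size && uri[len] != '\0')
        len++;
    if (len == dst_size)                /* no room left for the terminator */
        return URI_TOO_LONG;

    memcpy(dst, uri, len + 1);          /* len + 1 <= dst_size is now proven */
    return URI_OK;
}

int main(void)
{
    char buf[URI_BUF_SIZE], big[1024];
    memset(big, 'A', sizeof big);       /* constructed over-long input */
    memcpy(big, "rtsp://", 7);
    big[sizeof big - 1] = '\0';
    printf("short: %d\n", copy_rtsp_uri("rtsp://example.invalid/a.mov", buf, sizeof buf));
    printf("long:  %d\n", copy_rtsp_uri(big, buf, sizeof buf));
    return 0;
}
```

Rejecting the over-long URI outright, instead of silently truncating it, also gives the application a clear event to log when such input arrives.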