Apple QuickTime RTSP buffer overflow

On January 5, 2007, the US Computer Emergency Response Center issued a notification about an Apple QuickTime RTSP buffer overflow. This error affects Apple QuickTime running on Apple Mac OS X and Microsoft Windows operating systems. And they recommend that other software and iTunes using QuickTime components are also affected .

In general terms, Apple QuickTime includes a buffer overflow in managing RTSP URLs. This may allow a remote attacker to attack the system vulnerability. This vulnerability exists in a way that Apple QuickTime manages Real Time Streaming Protocol (RTSP) URLs manually. The exploited code has been released so people can know how it works but even so the Center recommends that people still have to leave the room for possible other attacks in:

- The page uses QuickTime plug-in or ActiveX control
- The page uses rtsp: // protocol
- File associated with QuickTime Player

The Center warns that this vulnerability affects QuickTime running on Microsoft Windows and Apple Mac platforms. But pages can also be used as attack methods, these types of vulnerabilities do not depend on which specific browser is used. By convincing users to open a specific QuickTime content, a remote or unauthorized attacker can break through the system vulnerability.

The Center has also studied a solution to this problem as follows:

Disable QuickTime ActiveX controls in Internet Explorer

The vulnerabilities in QuickTime ActiveX controls can be disabled in Internet Explorer by setting 'kill bit' for CLSIDs below:

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
{4063BE15-3B08-470D-A0D5-B37161CFFD69}

The following paragraph can be saved as a .REG file and imported to set 'kill bit' for these controls:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
"Compatibility Flags" = dword: 00000400

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility {4063BE15-3B08-470D-A0D5-B37161CFFD69}]
"Compatibility Flags" = dword: 00000400

Disable QuickTime plug-in for Mozilla's browsers

Users of Mozilla browsers such as Firefox can disable the QuickTime plugin as instructed in Uninstalling Plugins.

Disable files associated with QuickTime files

Disable these files to prevent Windows applications from using Apple QuickTime to open QuickTime files. This method can be done by deleting the registry keys below:

HKEY_CLASSES_ROOTQuickTime. *

This deletion will eliminate the alignment of approximately 32 types of configuration files to open the QuickTime Player software.

Disable JavaScript

You can refer to how to disable JavaScript in the Securing Your Web Browser article. This way you can fight the attack using QuickTime plug-in or ActiveX control.

Do not access QuickTime files from untrusted sources

Attackers can place dangerous QuickTime files on websites. To convince users to access these pages, they often use a variety of different techniques to create incorrect links including URL encoding, changing IP addresses, long URLs and major errors. deliberately described. Do not click on unsolicited links received in email, IM, web forum or Internet Relay Chat (IRC) channels. You should type it directly into the browser to avoid these wrong links.