Security researchers warn that attack code targeting an unpatched bug in Apple Inc.’s QuickTime has gone public, and added that in-the-wild attacks against systems running Windows XP and Vista are probably not far behind.
There was no word as of Sunday whether the Mac OS X versions of the media player are also vulnerable.
The critical bug in QuickTime 7.2 and 7.3 (and perhaps earlier editions as well) is in the player’s handling of the Real Time Streaming Protocol (RTSP), a audio/video streaming standard. According to alerts posted by Symantec Corp. and the U.S. Computer Emergency Readiness Team (US-CERT), attackers can exploit the flaw by duping users into visiting malicious or compromised Web sites hosting specially-crafted streaming content, or by convincing them to open a rigged QTL file attached to an e-mail message.
QuickTime, Bug, Exploit, Vulnerability, Windows XP, Windows Vista, Microsoft, Apple