
ActiveX Flaw Bugs Apple’s QuickTime

Written By
Ryan Naraine
Sep 11, 2002

A buffer overrun vulnerability has been detected in the ActiveX component in
Apple’s QuickTime 5.0 media player, which is used to
embed streaming media content in a Web page.

In an advisory, security research firm @stake said the buffer overrun was
caused by the way that the QuickTime ActiveX component handles the
“pluginspage” field when parsed from a malicious remote or local HTML page.

The flaw could result in execution of arbitrary code, the company warned,
urging users to upgrade immediately to QuickTime 6, which contains a fix.

“To exploit this vulnerability, an attacker would need to get his or her
target to open a malicious HTML file as an attachment to an email message,
as a file on the local or network file system, or as a file via HTTP. Most
likely this would be accomplished by embedding a link to a vulnerable web
site in an email message or another web page. If the malicious HTML file is
opened it will cause QuickTime to execute the arbitrary computer code
contained within the HTML page,” @stake warned.

The company, which notified Apple of the flaw before going public with the
advisory, said Web sites that host the qtplugin.cab file should also upgrade
to QuickTime 6. “You should never open attachments/web pages that come from
unknown sources no matter how benign they may appear. Be wary of those that
come from known sources,” the company warned, noting that downloading the
ActiveX component from any source is a major risk.

@stake said users could also set the “kill bit” for a known vulnerable
ActiveX component by editing the registry to block Microsoft’s
Internet Explorer browser from executing the vulnerable
component. (See directions here).
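
The kill-bit mitigation described above, as an added PowerShell example (not from the article or the @stake advisory): it ORs the kill-bit value 0x400 into the `Compatibility Flags` DWORD under Internet Explorer's ActiveX Compatibility key and then reads it back. The CLSID is a placeholder, because the article does not give the QuickTime control's CLSID.

```powershell
# Added example: set and verify the Internet Explorer "kill bit" for one ActiveX control.
# PLACEHOLDER CLSID: the article does not list the QuickTime control's CLSID.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'
$KillBit = 0x00000400   # Compatibility Flags bit that stops IE from instantiating the control

# 64-bit Windows keeps a second registry view that 32-bit Internet Explorer reads.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    param([string]$Key)
    # Returns 0 when the key or the value does not exist.
    $prop = Get-ItemProperty -Path $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.'Compatibility Flags'
}

function Set-KillBit {
    param([string]$Clsid)
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }      # view not present on this system
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Keep any flags already set for this control and add the kill bit.
        $new = (Get-CompatFlags -Key $key) -bor $KillBit
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
    }
}

function Test-KillBit {
    param([string]$Clsid)
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        $key = Join-Path $root $Clsid
        [pscustomobject]@{
            Key        = $key
            KillBitSet = ((Get-CompatFlags -Key $key) -band $KillBit) -ne 0
        }
    }
}

Set-KillBit  -Clsid $Clsid    # writing under HKLM requires an elevated prompt
Test-KillBit -Clsid $Clsid    # one row per registry view, KillBitSet should be True
```

The kill bit only stops Internet Explorer from loading the control; the vulnerable component stays on disk until QuickTime is upgraded.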

It is not the first time hackers have targeted popular media players to
distribute malicious code. Earlier this year, RealNetworks
warned of a security exploit affecting its RealPlayer 8
software.

That buffer overrun flaw, which was tagged as a “medium risk,” was found in
the Real Media file format, which contained a variety of strings in its
header. By manipulating the way a file is formatted, it is possible to
overflow the memory buffers that store these strings. This could let an
attacker run arbitrary code on a user’s machine, the company warned.

Subsequent upgrades to the RealPlayer software contained fixes for that
vulnerability. Buffer overrun bugs were also found in Microsoft’s Windows Media Player versions 6.4 and 7.0. Those too have
been fixed.
