All Windows Users at Risk of QuickTime Flaw

Dennis Faas's picture

Shortly after the announcement last week of a severe iTunes flaw that affects over 40 Windows applications, it now appears that Apple's popular media player, QuickTime, also includes a flaw that could be exploited by hackers to execute malicious code on PCs using the Windows operating system (OS).

Even systems running more recent versions of the OS, Windows Vista and Windows 7, are vulnerable.

"At present the security vulnerability seems to be with users that run Internet Explorer. Given the relative ease with which [the exploit was demonstrated], the chance for drive-by [download] attacks to succeed is high," says tech blog The Inquirer. (Source: theinquirer.net)

Flaw "Probably an Oversight"

The QuickTime weakness is related to an unused parameter called "Marshaled_pUnk," added by an Apple developer to the program's code base and, presumably, forgotten even after it was no longer needed.

Surprisingly, the parameter which causes the flaw isn't new. In fact, experts estimate that it's been sitting around undetected in QuickTime code for almost a decade. (Source: computerworld.com)

That was, of course, until it was discovered this week by security analyst Ruben Santamarta, a researcher with the Spanish firm Wintercore. A curious Santamarta tested the exploit and found it could be used to hijack and take over a PC running Windows 7.

A Bizarre Bug

Experts are floored that this old flaw could still pose such a risk to Windows users. "The bug is pretty bizarre," said H D Moore, Rapid7 CSO and chief architect of the Metasploit project.

"It's not a standard vulnerability in the sense that a feature was implemented poorly. It was more kind of a leftover development piece that was left in production. It's probably an oversight." (Source: theregister.co.uk)

Microsoft Defenses Useless

The presence of the Marshaled_pUnk parameter in the code means that an attacker could use it as a backdoor to insert malicious code into a computer's memory.

Although Microsoft has built features into Windows that essentially block these kinds of attacks, Santamarta recognized that the QuickTime flaw circumvents these protection strategies by loading a Windows Live file called WindowsLiveLogin.dll into a system's memory in order to rearrange commands, which could allow for remote code execution.

Security firm Symantec advises that users worried about the issue can disable the QuickTime plug-in until a patch is available. (Source: symantec.com)
