Symantec Blogs: Security Response

Ben Nahorney | November 28th, 2007

Four days after news of the recent Apple QuickTime vulnerability began to spread, a new proof-of-concept exploit, with a twist, has been published. While the shell code in the previous exploit was contained within a malicious RTSP data stream, this time the shell code is sent via JavaScript, separate from the stream.

Let’s break down how this might play out. A client requests a Web page from a malicious site. The page that is sent contains malicious shell code and a request for a QuickTime movie. If the client is using Internet Explorer, the shell code is written to a heap area for later use. Meanwhile, the browser receives the QuickTime movie and then opens it with QuickTime, creating an RTSP stream to the malicious server. Only the RTSP server in this scenario is hosting a hacked version, which actually sends back a stream that...