Security Hole in Windows' QuickTime Player

Zonoprh writes "A Security Hole was found in QuickTime player that allows attackers to compromise a user's system with a malicious URL. The hole is fixed in QuickTime 6.1 available here. Until then, hold off on playing "unusually" enticing QT files."

Only quicktime on Windows is vulnerable

[nebbian]

So although it's an Apple product, it's really windows where the fault lies. From the article:

When processing a QuickTime URL, the application is launched in the following manner as can be seen from the Windows registry key HKEY_CLASSES_ROOT/quicktime:

%PATH TO QUICKTIME%\QuickTimePlayer.exe -u"%1"

A URL containing 400 characters will overrun the allocated space on the stack overwriting the saved instruction pointer (EIP). This will thereby allow an attacker to redirect the flow of control. An example URL that will cause QuickTime player to crash is:

quicktime://127.0.0.1/AAAA...

Where the character 'A' is repeated 400 times.

Had windows used a decent method of starting applications (instead of some stupid extension to DOS) then this overflow wouldn't happen. Yes, yes, I know, Apple should have checked for this overflow. However 1 kludge + 1 workaround != 1 good system.
*sigh*

Also a QuickTime on Mac OS X Software Update

[Hi+Larry!]

QuickTime 6.1.1 is also available on software update. Seems to container mpeg 4 streaming bug fixes.

Um... a bit dated

[RalphBNumbers]

Since when do notices of security holes that have been fixed for months rate /. articles?

OS X Version Update available as well

[coldcup]

From software update:
QuickTime 6.1.1 delivers important bug fixes to MPEG-4 streaming.