ASLR is a Vista security feature that randomly assigns data and application components, such as. An attack that failed would likely only crash QuickTime.Ī gaffe by Apple’s developers, however, makes attack easier on Vista, said InTeL, who claimed that the QuickTimePlayer binary does not have Address Space Layout Randomization (ASLR) enabled. By Saturday, Kloskowski and an unnamed researcher identified as "InTeL" had followed up with separate proof-of-concept examples that executed on Windows XP SP2 and Windows Vista machines running QuickTime 7.2 or 7.3.Ī successful exploit would let the attacker install additional malware - spyware or a spambot, say - or cull the system for information like passwords. Symantec credited Polish research Krystian Kloskowski with first reporting the zero-day vulnerability on the Web site Friday.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |