New QuickTime 7.5.5 and iTunes 8 Exploits

A new exploit for the latest version of Apple's Quicktime and iTunes products has been publicly published. So far, this exploit is minor in scope, as it can only alter cookie files and cause the new product version to crash. Users should follow further developments and ensure the music and media files they are using are safe.  AV protection is also emerging for this new exploit.

New QuickTime 7.5.5 and iTunes 8 Exploits
http://www.avertlabs.com/research/blog/index.php/2008/09/18/the-true-of-recent-0day-for-quicktime755itunes80/
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9114999

QUOTE: A 0day exploit for the latest Quicktime7.5.5/Itunes8.0 was released yesterday. The exploit author announced this as a Remote Heap Overflow so we decided to take a look and analyze it. After our research, we found that this is actually an off-by-one stack overflow. Some noteworthy points are:

1. QuickTime has the /GS switch option enabled, hence a cookie is put into the stack.

2. Since this is an off-by-one stack overflow, the attacker can just overwrite one byte of the cookie. The Check_stack_cookie function is called when the function returns, If the Check_stack_cookie found out that the cookie is not matched, then the program exits. This results in the crash of QuickTime/Itunes application.

Hence, it is unlikely that code execution via this attack vector would be feasible. Users of these apps however should take them seriously and look at appropriate defenses.