Why is QuickTime so much of a security problem?

By Envergure
Mar 28, 2008
  1. I was reading this article and when I came to where it says last year's winner exploited a QuickTime vulnerability I thought, "how could QuickTime be a security vulnerability?" It seems to me that QuickTime is a media player and shouldn't even have the capacity to send files to a hacker.

    I'm not well-informed on security, so please answer accordingly :)
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

  3. jobeard

    jobeard TS Ambassador Posts: 9,145   +597

    Ok, consider ANYTHING that has animation in it; animated gif, Flash, RealPlayer, Quicktime, ...

    There are two choices to make it work;
    1. embed sequences to be interpreted by some common program
    2. distribute an interpreter inside the file itself

    ALL interpreters are risky and that's why Outlook and Outlook Express are exposed
    to attacks as well. Without disclosing the how-to, special sequences allow operations
    that expose the underlying system and unless extra heavy validations are performed
    for the values used with the sequence, nasty stuff happens.

    The other issue is buffer overflow puts things in a critical location that cause the
    'payload' to be executed when some internal function completes -- thus
    infecting the system.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...