Security researcher Petko D. Petkov (aka pdp) has discovered a gaping hole in fully patched versions of Apple’s QuickTime for Windows Media Player.
The zero-day vulnerability allows an attacker to use rigged movie (.mov) files to take full control of Windows XP and Vista machines.
Petkov (left), an ethical hacker from the GNUCitizen think-tank, provided me with a video showing the attack in action.
In the first scenario, Petkov simply clicked on a “test.mov” file from a Windows XP desktop. Within seconds of the file loading in QuickTime, he was able to launch the Microsoft Paint and Calculator applications on the compromised machine.
On a fully patched Windows Vista box, the exploit worked like a charm, giving Petkov full control of the computer.
Because of vulnerability disclosure complications linked to the controversial Computer Misuse Act in the United Kingdom, Petkov is not sure yet how he will disclose the issue to Apple.
“I am experimenting with various ways of disclusure,” he said in an interview via IM. For this vulnerability, Petkov said he will use vulnerability brokers at VeriSign’s iDefense and TippingPoint’s Zero Day Initiative to report the issue to Apple.