Archive for 2007

Apple QuickTime contains a stack buffer overflow vulnerability in the way it handles the RTSP Content-Type header. This vulnerability may be exploited by specially crafted RTSP stream protocol

Live Example

• GNUcitizen- Backdooring QuickTime Movies
• Apple QuickTime redirection to the RTSP exploit

Elia Florio (Symantec) wrap a good introduction post regarding QuickTime 0 day Exploit.

Known Vulnerabilities Proof of concept (milw0rm).

• Apple QuickTime 7.3 RTSP Response Content-Type Header Stack Buffer Overflow exploit
• Apple QuickTime Remote stack rewrite exploit for Internet Explorer 6 & 7
• Apple QuickTime 7.2/7.3 RTSP Response Universal Exploit (IE7/FF/Opera)
• Apple Quicktime (Vista/XP Sp2 RTSP RESPONSE) Code Exec Exploit

Workarounds

You may try the following workarounds [...]

Recent update on Gmail has to many “Remote call” (AJAX) running (every 10secs) in the background. It will get really slow if you has a large numbers of email and spam. I’m suffering the dreaded “firefox freeze over” syndrome.

Below is a list of addons that will cause “firefox to freezeeeeeeek”.

• Firebug
• Noscripts.

Its advice to disabled both of this addons or revert gmail back to older versions.

uri code to revert gmail to older versions
http://mail.google.com/mail/?ui=1.

As gmail is getting more crappy with “overload features”. I think I should start using thunderbird more often.

p/s: At this time of writing Google Aps Gmail is still with older version so you wont have this issue.

Just after the recent issue on wordpress.com.cn now there is new wordpress imitater. A remote spamware injection by wordpress.net.in

I was reading one of Matt Heaton posted 2 days ago when I found bunch of spamsware link on his wordpress footer.

Matt’s is using default wodpress theme (kubrick) with single javascript for adsense. The only way the spams can get in is probably via php injection or by manual editing. All the spamware is redirect to howardowens.com/?order=XX page