The first glitch was the famous (in some circles) '_Marshaled_pUnk' vulnerability. Apple left this value in QuickTime for Windows as a valid parameter, but removed the code to handle it. This allowed an attacker to place their own code to run. Check out a video of the vulnerability in action below.
Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com
The second issue is described as "Viewing an image in a maliciously prepared directory." What it seems to be is the Windows malicious DLL loading problem as implemented in the QuickTime Picture Viewer. Apple removed the current working directory from the search path to fix the bug.
No comments:
Post a Comment