Apple Quicktime hit by new proof-of-concept exploit

Apple's Quicktime media player has been hit by another security flaw, although this time around it's a proof-of-concept issue that has been discovered by a Polish researcher.

Krystian Kloskowski claims that the RTSP - real-time streaming protocol - feature of Quicktime can be exploited to launch a stack-based buffer overflow that allows a remote infection to take place.

The slightly bad news is that the exploit has the same privilege level as the user who is logged on and running Quicktime - another reason not to use admin settings on a Windows PC -Ed.

Unconfirmed reports suggest that only QuickTime version 7.3 is affected by the problem, which can be triggered using an email attachment or when accessing a compromised Web site.

The irony of the situation is that v7.3 was released on November 5 by Apple to counter several known security issues with earlier versions of the Apple media application...