Security researchers have identified a fresh vulnerability in QuickTime for Windows, which they claim can allow hackers to take control of infected machines.
Mac users aren’t affected by the flaw, which affects Windows Vista and XP. Details of the exploit are available on the GNUCitizen blog, which describes the problem, but not in sufficient detail for malicious users to begin deploying exploits for it.
In essence, the attack relies on the increasingly commonplace tactic of creating a maliciously crafted QuickTime file and hosting it on a website. When a site visitor launches the file, the vulnerability allows a hacker to take complete control of the computer, even enabling them to launch applications. The flaw can also be exploited by including the file in emails, or simply when an infected file is opened on a target desktop.
“The vulnerability is currently held private. The GNUCitizen team is following responsible disclosure practices. Therefore, the vulnerability details will be privately disclosed to the vendor in a short period of time. This advisory is meant to inform the public and raise the consumer’s awareness,” the researchers explained.
The researchers have published a video demonstrating the flaw in action, and Apple has been informed of the problem.