« Texas sized ball of garbage
Sandboxing on Mac OS X Leopard »

WabiSabiLabi so-called QuickTime 0day

http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000185

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6238

http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html

There are a number of other links commenting on this story that you can find if you Google. One notable thing that no one seems to notice is that in the comments section of the wabisabilabi blog post, they acknowledge that the bug only affects QuickTime 7.2. 7.3.1 is the current version, and 7.3 was already out when the bug was first put up for auction. Some 0-day.

 2 comments:

Anonymous said...

    Does your issue affect QT 7.3, which is the current version?
    December 3, 2007 8:07 PM
WabiSabiLabi Staff said...

    No, only vulnerable version is 7.2
    December 10, 2007 2:38 PM

Someone ended up buying it for 500 euro. Which is pretty steep, considering QuickTime’s track record, there are probably more bugs in it that are still unpatched.

Tags: , ,

This entry was posted on Sunday, December 16th, 2007 at 3:09 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply