Now PATCHED: QuickTime Player Streaming Debug Error Logging Buffer Overflow

Those using iTunes should know that QuickTime is included and necessary for its proper function, and is integrated into your browser(s). I could find no way to disable it. Thus all my browsers are also at high risk, according to Secunia PSI.

Those using a standalone QuickTime Player should consider uninstalling it in Control Panel/Add or Remove Programs, and re-installing when a patch is released. My understanding, from previous similar advisories, is that merely switching to another media player as default will not mitigate this vulnerability if you surf to a malicious website.

Otherwise, as they say, "avoid visiting untrusted websites".

As for me, Im surfing in Sandboxie til this is fixed.

Joe53, What is Sandboxie?

Joe53, What is Sandboxie?

Annie:

Sandboxie is a 3rd party program that allows you to run just about any Windows program in a virtual environment (a "sandbox") that allows it to read all your computer files but not to make any changes to your computer files or registry. It is like running a program in a quarantined environment, that prevents malware from infecting your PC.

In the context of running a browser sandboxed, it will prevent any drive-by malware from a malicious website from infecting your computer. And as even trusted websites are increasingly being hacked these days, it's not a bad way to surf. I've been using it for 'read-only' web-surfing for several months now without any problems.

A good brief review is here:
http://esecurityplanet.com/features/article.php/3842331/Sandboxie-Blocking-Web-Based-Malware-From-Your-PC.htm

A good 3 part video review by Matt Rizos on its use is here:
http://www.youtube.com/mrizos#p/u/63/GueXMq-Vyi8

A full one-time paid lifetime version (with a 30 day free trial) is available, which reverts to a limited but still functional free version thereafter if not purchased.
http://www.sandboxie.com/

Not sure if this is the same, or another, vulnerability in QuickTime 7.6.6

QuickTime Player Allows Movie Files to Trigger Malware Download

Not sure if this is the same, or another, vulnerability in QuickTime 7.6.6 QuickTime Player Allows Movie Files to Trigger Malware Download July 30th, 2010 by Marco Dela Vega (Senior Threat Researcher) Quicktime Player (version 7.6.6) allows movie files to trigger download of files, and cybercriminals are using this to download malware from malicious websites. Trend Micro Threat Research Engineer Benson Sy encountered two .MOV files (001 Dvdrip Salt.mov, salt dvdrpi [btjunkie][xtrancex].mov) that both used the recent movie, Salt of Angelina Jolie. It looks suspicious enough because of its relatively small size compared to regular movie files. When the movie files are loaded to Quicktime player, it doesn’t show any live action scenes but leads users to download malware pretending to be either an update codec or another player installation. It is still under investigation whether the malware is using vulnerability or a known functionality to download the malware. continued at http://blog.trendmicro.com/quicktime-player-allows-movie-files-to-trigger-malware-download/#ixzz0vC6vjrVChttp://blog.trendmicro.com/quicktime-player-allows-movie-files-to-trigger-malware-download/