Security firm Secunia has reported an “extremely critical” vulnerability in media-streaming program Apple QuickTime. This flaw, which affects the latest versions of QuickTime, 7.x, which has not been patched and could allow a hacker to gain remote control of an affected system. It lies in a boundary error where the program processes Real Time Streaming Protocol (RTSP) replies, according to Secunia’s advisory published on Monday.
RTSP allows a client to a remotely control video streams.
Working exploit code is in the wild, said Secunia and has linked the details to the code to another security research site, milw0rm, which is where the vulnerability initially recorded by Polish security researcher Krystian Klowskowski.
According to Kloskowski, exploit code can be executed on Windows Vista and Windows XP Service Pack 2. Secunia is advising that users do not browse untrusted websites, follow untrusted links or open untrusted QuickTime Media Link files.