Old line of code allows backdoor in Quicktime

A ten year old line of obsolete code which has never been removed from Quicktime, has allowed malicious code through the backdoor.

http://www.downloadsquad.com/2010/08/30/quicktime-backdoor-allows-takeover-of-windows-7-machines-ancien/

And then people wonder why I never use Apple products for Windows...

Wowzers I hope this outing makes Apple fix the code (how strange that there's no unpatched security bulletin for this on any of the security boards I frequent)

until today LOL http://secunia.com/advisories/41213/

A further bit of info to cheer us up, what a long list :(

http://secunia.com/advisories/windows_insecure_library_loading/

There's a fix from MS to disable DLL search in the Current Working Directory, a.k.a. CWD.

http://support.micro...2264107&x=9&y=9

Install this, and then:

  1. Open Registry Editor.
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  3. Right-click Session Manager, point to New, and then click Dword Value.
  4. Type CWDIllegalInDllSearch, and then click Modify.
  5. In the Value data box, type FFFFFFFF, and then click OK.

:)