The QuickTime RTSP vulnerability reported on 23th Nov is not the only unpatched remote vulnerability in QuickTime player.
It appears that WabiSabiLabi team has reported that there is another (they call it zero-day vuln) flaw too, affecting to XP systems: http://wabisabilabi.blogspot.com/2007/11/quicktime-zeroday-vulnerability-still.html The CVE name for this second issue reported by unknown person is CVE-2007-6238 and the CVSS score is 10.0, in turn. A summary with more references here: http://blogs.securiteam.com/?p=1046 - Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
