The attack was originally demonstrated on a system running Apple's Safari browser. It was found to affect Firefox on both Windows and Mac OS X systems.
However, Terri Forslof, security response manager at Tipping Point, told VNU that by adjusting the target address of the exploit, the company's DV Labs was able to execute the exploit in both Internet Explorer 6 and 7.
"This is going to affect all Java-enabled browsers," said Forslof.
Tipping Point acquired the details of the vulnerability as part of a US$10,000 hacking challenge.
The original vulnerability discovery and exploit development were credited to independent researcher Dino Dai Zovi.
The exploit was written for a hacking contest at the conference in which researchers were challenged to break in to a fully patched MacBook Pro system.
Forslof said that the vulnerability can be mitigated by disabling Java within the browser or by deleting the QTJava.jar file.
A spokesperson for Microsoft told VNU that the company has not found any specific flaws in Internet Explorer that allow for the attack. Microsoft suggests that users look to Apple for a fix.
QuickTime vulnerability expands to IE
By
Shaun Nichols
on Apr 26, 2007 1:00PM
A QuickTime vulnerability unearthed last Friday also infects Microsoft's Internet Explorer browser.
