McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

An unpatched vulnerability was published on January 11, 2005. This is a generic detection for the vulnerability described in CVE-2005-2340 .

Exploit-QtPICT files may be hosted on web sites, or file shares. Opening of these files through QuickTime PictureViewer or HTML plugin, may result in remote denial-of-service or arbitrary code execution on Windows and Mac OS X operating systems.

At the time of writing, the current version of the application is still vulnerable to this trojan.

Further information on this vulnerability:

• Apple Security Updates
• CVE-2005-2340

Initial detection is limited to the command-line and gateway scanners.  This will be expanded in future DAT releases.

Symptoms

Vary. This detection covers JPEG files that may have the .PICT file extensions attempting to exploit a QuickTime vulnerability.  This can result in arbitrary code execution; meaning that any number of events may subsequently take place on a compromised system.

Method of Infection

This threat is likely to be delivered when viewing a website hosting the malicious code.

Removal

At the time of writing, QuickTime 7.0.4 is still vulnerable to this trojan. New security updates may be posted at the Apple Security website:

http://docs.info.apple.com/article.html?artnum=61798

McAfee DAT files
The current DAT files contain detection of threats attempting to exploit this vulnerability.

McAfee Entercept
McAfee Entercept blocks code execution as a result of the buffer overflow.

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

An unpatched vulnerability was published on January 11, 2005. This is a generic detection for the vulnerability described in CVE-2005-2340 .

Exploit-QtPICT files may be hosted on web sites, or file shares. Opening of these files through QuickTime PictureViewer or HTML plugin, may result in remote denial-of-service or arbitrary code execution on Windows and Mac OS X operating systems.

At the time of writing, the current version of the application is still vulnerable to this trojan.

Further information on this vulnerability:

• Apple Security Updates
• CVE-2005-2340

Initial detection is limited to the command-line and gateway scanners.  This will be expanded in future DAT releases.

Symptoms

Symptoms -

Vary. This detection covers JPEG files that may have the .PICT file extensions attempting to exploit a QuickTime vulnerability.  This can result in arbitrary code execution; meaning that any number of events may subsequently take place on a compromised system.

Method of Infection

Method of Infection -

This threat is likely to be delivered when viewing a website hosting the malicious code.

Removal -

Removal -

At the time of writing, QuickTime 7.0.4 is still vulnerable to this trojan. New security updates may be posted at the Apple Security website:

http://docs.info.apple.com/article.html?artnum=61798

McAfee DAT files
The current DAT files contain detection of threats attempting to exploit this vulnerability.

McAfee Entercept
McAfee Entercept blocks code execution as a result of the buffer overflow.

Variants

Variants -

N/A