XP vulnerability with QuickTime format

See this alert: Microsoft Learn: Build skills that open doors in your career

Does Comodo Internet Security protect against this vulnerability?

If users delete the registry key as suggested in the preferred work-around in the alert above, does the VLC Media Player still work to play QuickTime format?

Does VLC avoid using the DirectShow DLL because it uses Phonon instead? See:

i think kb951698 address this vulnerability

http://support.microsoft.com/kb/951698 is dated November 20, 2008.

The issue I posted:
http://www.microsoft.com/technet/security/advisory/971778.mspx is dated May 28, 2009.

Looks like different issues.

If it is a buffer overflow vulnerability then Comodo will protect you. The articles I found on the Microsoft pages did not say it is a BO problem. I guess it may be wise to follow Microsoft’s advices on how to work around: http://support.microsoft.com/kb/971778 .

I followed Microsoft’s instructions for the interactive method at http://support.microsoft.com/kb/971778
I have the VLC Media Player associated with all its supported formats in Firefox (I declined the Firefox plug-in during VLC install because it doesn’t work well, at least in v0.9.9).
I clicked on a MOV format movie at this site http://www.stockshots.com/SampleFootage.htm
It plays fine!

Good to have a secure way of playing QuickTime files since no one has yet provided a test file that demonstrates CIS’ protection from this vulnerability.

VLC is growing in popularity because it plays files and formats that don’t work on other players. It is open source and free too! I recommend giving VLC a try, even if you have Vista or later.

Apple released an update for Quick Time with version number 7.62.14.0 on June 2. Get it from here: Download QuickTime 7.7.9 for Windows . I don’t know what the change log is.

A Google search for “quicktime 7.6.2 release notes” resulted in this link:

Four of the bugs fixed, which allow arbitrary code execution, are not buffer overflows that would be protected by CIS.

I didn’t see a bug that affects XP and not Vista. So the thread-topic bug may still exist.

I prefer to use VLC Media Player, and uninstall QuickTime, to reduce the chances of being targeted by malware, which generally targets mainstream/popular apps like Windows Media Player, RealPlayer and QuickTime. Also, QuickTime embeds an IE-based browser, which provides another entry method for malware. Finally, QuickTime performs autoupdates by default, so there is a risk of privacy leakage.

Does QuickTime v7.6.2 update the quartz.dll file?
I have not installed QuickTime v7.6.2 on my PC with Win XP Pro SP3, and my C:\WINDOWS\system32\quartz.dll file is version 6.5.2600.5731 with a creation date of April 14, 2008.

If the quartz.dll file has not been updated, media players other than QuickTime and VLC may still be vulnerable.
For example, the codec pack from Portable 64bit codecs for Windows 11 and Windows 10.
using Media Player Classic (see the Tools tab).

It may be necessary to apply the registry work-around to protect other players, but this may also prevent them from playing QuickTime/MOV-format files.

Perhaps you should install it and see if it works. I see you posted this reply in another section of the forum and well if you like using VLC player why not just set Comodo to block Media Player and Quicktime Player from access to the internet? You mentioned something about by default Quicktime does an update well I am not sure about that as if my memory serves me correct somewhere during the installation it should give you the option if you want autoupdate enabled. Well this had occurred when I had installed an older quicktime player and then I went in to check my preferences and the autoupdate was disabled. When I had installed the latest quicktime it simply kept my settings from the previous version so I wouldn’t know if you are asked to enabled autoupdate.

quick question would not defense+ in safe mode give a warning for this like it’s creating a registry direct access to drive ect.

Using the firewall to block access to the internet for WMP and QuickTime Player does not protect against videos that come through email or videos that are downloaded by the web browser before playing them (not using their browser plug-ins). I am learning how to consolidate the number of multimedia viewers needed to play all the popular formats, which includes uninstalling QuickTime Player and Real Player.

My understanding is that the QuickTime Player and Windows Media Player (WMP) are on Comodo’s Safe List, so their default access rights in Defense+ is to allow everything except running an executable or writing to protected registry keys, files or folders. Thus, there is no alert for creating an (unprotected) registry key or direct access to the disk. Note that WMP can play QuickTime-format videos if a codec pack, such as the one I gave above, is added.

I am hoping that someone who has installed QuickTime v7.6.2 will answer my question. I have not installed QuickTime on my new PC because of the issues I mentioned above. My spouse has v7.6 installed, and I am trying to decide whether to update it before uninstalling it entirely. I haven’t decided yet whether to use VLC Media Player or Media Player Classic with Shark007’s codec pack as the main player on both PCs. I will wait for VLC v1.0 to be released to see if it handles older RealVideo files.

ok thanks.
maybe having different safe levels for applications so that a media player cant right to the registry other then it’s own keys. and create files other then temp files in the temp folder would that work?

CIS is very flexible. If you are willing to tolerate some pop-ups during training for the media player, you can achieve better security, without the need to change Defense+ to Paranoid Mode. Change the default action to Ask for all the access rights on the media player. Play some trusted media files, respond to pop-ups with Allow and Remember. After you feel that it is trained, examine the allowed exceptions for each of the access names. Decide whether to change the default action for each access name to Allow or Block given the allowed exceptions. For example, if there are no exceptions, Block will probably work. You may need to manually change certain exceptions to be more general. At this point, you have better security than the default for Defense+ Clean PC Mode or Safe Mode, which allows almost all access rights.

Well as far as I know I’ve never gotten any videos via email so I guess I’m safe at that end and I rarely ever download videos. I mostly just watch videos on youtube.

ok thanks

Well since no one had answered your question I guess I will answer it for you. I have another pc with XP SP3 on it and I installed the latest quicktime on it and the dll file which you speak of was not modified when the new version of quicktime was installed.

Edit: In regard to something else you mentioned in the following quote:

You mentioned about videos being downloaded could still compromise your security. The way I see it is wouldn’t those videos be malware anyways so wouldn’t an antivirus or antispyware eventually pick up such a file as having a virus/malware in it if scanned?

Thanks for answering!

Here is an interesting statement that may answer your question:

On a PC that already had Microsoft’s workaround applied (http://support.microsoft.com/kb/971778), I installed QuickTime v7.6.2. Next, I changed Firefox to associate MOV files with the QuickTime plug-in, and I played an MOV file from this site: http://www.stockshots.com/SampleFootage.htm
The QuickTime plug-in played the video OK within Firefox. I confirmed that the QuickTime install did not add back the removed registry keys.

Since QuickTime works on MOV files even though the quartz.dll file is disabled in the registry, my conclusions are the following:

  1. QuickTime v7.6.2 doesn’t use quartz.dll
  2. Installing QuickTime v7.6.2 doesn’t protect other DirectShow players such a Windows Media Player and Media Player Classic.
  3. The Microsoft workaround doesn’t prevent QuickTime Player from playing MOV videos.
  4. Applying Microsoft’s workaround and installing the VLC Media Player protects against the quartz.dll vulnerability, allows playing MOV videos and allows the QuickTime Player to be uninstalled to avoid other vulnerabilities and performance impacts.

Brilliant deductions dude. Thanks ;D

SilentMusic7 perhaps this method is an alternative in that you set defense+ and firewall to block the other media players while allowing just VLC privilege.