Quicktime zeroday vulnerability still zeroday

This morning we opened our favourite RSS reader and we found out a post about one of the vulnerabilities in our marketplace, the Quicktime client-side vulnerability.

As reported by Errata Security Blog, during the last few days some exploit codes for a Quicktime vulnerability have been posted.

What they say about one of the POC is:

"An interesting note is the most robust of the exploits makes a derogatory mention of WabiSabiLabi Labs, the exploit auction site. WabiSabiLabi has a QuickTime exploit for sale now that lists QuickTime 7.2 and Windows XP as the targets. You have to wonder if this is another case of a researcher using vague details to find the same vulnerability."

We just want to specify that the vulnerability shown on those POCs IS NOT the one present in our marketplace.

So, if you are interested in receiving some more details about the vulnerability we proposed don't hesitate to contact us and if you are interested in buying it, make a bid!


Anonymous said...

Does your issue affect QT 7.3, which is the current version?

WabiSabiLabi Staff said...

No, only vulnerable version is 7.2