Submission + - Unpatched QuickTime-to-Firefox flaw dings IE too (zdnet.com)
SlashNot writes: Security researcher Aviv Raff has found a way to use the one-year-old (and still unpatched) QuickTime vulnerability to automate XAS (cross application scripting) attacks against users of Microsoft's Internet Explorer.
To demonstrate the attack scenario, Raff embedded a rigged QuickTime file on Google's BlogSpot to force a Skype shutdown if an IE user is tricked into visiting that Web page. Any limited Web environment that allows embedded QuickTime files can be used to host an attack against IE, Raff said.