Another QuickTime code execution flaw surfaces

A security researcher has unearthed a buffer overflow remote code execution vulnerability that affects QuickTime on both the Windows and Mac platforms.

The flaw, published Thursday by Luigi Auriemma, who has been busy of late, is the latest in a series of QuickTime issues. Will someone at Apple get us a rewrite already?

The QuickTime vulnerability thus far is unpatched. Here are the details courtesy of Auriemma:

The problem is a buffer-overflow which happens during the filling of the LCD-like screen containing info about the status of the connection.

To exploit this vulnerability, it is only necessary that a user follows an rtsp:// link. If port 554 of the server is closed, QuickTime will automatically change the transport and will try the HTTP protocol on port 80; the 404 error message of the server (other error numbers are valid too) will be visualized in the LCD-like screen.

During my tests I have been able to fully overwrite the return address. Anyway, note that the visible effects of the vulnerability could change during the usage of the debugger (in attaching mode everything is OK).

The vulnerability impacts versions 7.3.1.70 and lower. Ryan Naraine reports that Symantec DeepInsight has confirmed the vulnerability.

And U.S. CERT has added in a post:

The flaw is in the way that QuickTime handles Real Time Streaming Protocol (RTSP) URL strings. By persuading a user to access a specially crafted QuickTime file, or RTSP stream, a remote attacker may be able to execute arbitrary code or cause a denial of service on a vulnerable system.
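
A defensive check for the behaviour Auriemma describes, as an added example that is not part of the original article or of his advisory: it inspects the status line of responses seen by a proxy or sensor and flags error responses whose reason phrase is abnormally long or carries control bytes, since the server's error message is the text that ends up on the LCD-like screen. The 64-byte limit, the function names and the sample responses are assumptions constructed for illustration.

```python
import re

MAX_REASON_LEN = 64  # assumed limit; standard reason phrases are far shorter
STATUS_LINE = re.compile(rb"^(?:HTTP|RTSP)/\d\.\d (\d{3})(?: (.*))?$")

def classify(raw: bytes, max_reason_len: int = MAX_REASON_LEN) -> str:
    """Classify one raw response by its status line."""
    line = raw.split(b"\n", 1)[0].rstrip(b"\r")
    m = STATUS_LINE.match(line)
    if m is None:
        return "malformed"
    code, reason = int(m.group(1)), m.group(2) or b""
    if code < 400:
        return "ok"  # the article concerns error messages only
    if len(reason) > max_reason_len:
        return "oversize-reason"
    # Strict policy (assumption): only tab and printable ASCII are accepted.
    if any(b != 0x09 and not 0x20 <= b <= 0x7E for b in reason):
        return "non-printable-reason"
    return "ok"

def scan(responses):
    """Return (index, verdict) for every response that is not 'ok'."""
    verdicts = ((i, classify(r)) for i, r in enumerate(responses))
    return [(i, v) for i, v in verdicts if v != "ok"]

# Constructed sample responses, not captured traffic.
SAMPLES = [
    b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n",
    b"HTTP/1.1 200 OK\r\n\r\n",
    b"HTTP/1.1 404 " + b"A" * 300 + b"\r\n\r\n",
    b"HTTP/1.0 503 Service\x01Unavailable\r\n\r\n",
    b"garbage without a status line\r\n",
]

if __name__ == "__main__":
    for index, verdict in scan(SAMPLES):
        print(index, verdict)
```
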