A security researcher has unearthed a buffer overflow remote code execution vulnerability that affects QuickTime on both the Windows and Mac platform.
The QuickTime vulnerability thus far is unpatched. Here are the details courtesy of Auriemma:
The problem is a buffer-overflow which happens during the filling of the LCD-like screen containing info about the status of the connection.
For exploiting this vulnerability is only needed that an user follows a rtsp:// link, if the port 554 of the server is closed Quicktime will automatically change the transport and will try the HTTP protocol on port 80, the 404 error message of the server (other error numbers are valid too) will be visualized in the LCD-like screen.
During my tests I have been able to fully overwrite the return address anyway note that the visible effects of the vulnerability could change during the usage of the debugger (in attaching mode it's everything ok).
The vulnerability impacts versions 126.96.36.199 and lower. Ryan Naraine reports that Symantec DeepInsight has confirmed the vulnerability.
The flaw is in the way that QuickTime handles Real Time Streaming Protocol (RTSP) URL strings. By persuading a user to access a specially crafted QuickTime file, or RTSP stream, a remote attacker may be able to execute arbitrary code or cause a denial of service on a vulnerable system.