InfoSec Handlers Diary Blog - Buffer overflow in Quicktime

SANS Site Network
- Current Site
- Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- IT Audit
- Computer Forensics
- Software Security
- Government OnSite Training

InfoSec Handlers Diary Blog

Buffer overflow in Quicktime

Published: 2010-01-17
Last Updated: 2010-01-17 21:25:12 UTC
by Rick Wanner (Version: 2)

A Dutch reader, G. Smit, gave us a heads up about a remotely exploitable vulnerability in Quicktime which can be exploited by malformed .mov files.

There is some information available at Offensive-security blog, in Dutch at security.nl, Fortiguard also shows the vulnerability. Securityfocus has also updated Bugtraq 32540.

Although neither Fortiguard or Securityfocus show the latest version of Quicktime, 7.6.5, as being vulnerable, we are getting reports that the exploit crashes 7.6.5.

-- Rick Wanner - rwanner at isc dot sans dot org

Keywords: quicktime vulnerability

2 comment(s)

SANS DEV522: Defending Web Applications Security Essentials. Language agnostic techniques to secure web applications. For Developers, system administrators, project managers and QA testers.

Top of page

Diary Archives