Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Buffer overflow in Quicktime - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Buffer overflow in Quicktime

A Dutch reader, G. Smit, gave us a heads up about a remotely exploitable vulnerability in Quicktime which can be exploited by malformed .mov files.

There is some information available at Offensive-security blog, in Dutch  at security.nl, Fortiguard also shows the vulnerability.  Securityfocus has also updated Bugtraq 32540.

 The guidance seems to be to update to the latest version of Quicktime, 7.6.5.  Unfortunately, there does not appear to be an updated Mac version yet.

  

-- Rick Wanner - rwanner at isc dot sans dot org

Rick

290 Posts
ISC Handler
Securityfocus lists the latest vulnerable version of Quicktime as Apple QuickTime Player 7.6.4. The latest version available (at the time of writing this comment) from Apple's website for Windows is Apple QuickTime Player 7.6.5
Anonymous
I just tested this on QuickTime 7.6.5, iTunes 9.0.2.25 (according to Apple Software Update these are the latest versions), and Windows Media Player-- all in Windows 7 Ultimate with UAC at it's default...

iTunes crashes and submits the information to Microsoft.

QuickTime closes without any errors or anything (I had to watch it in TaskManager to confirm that it even opened).

WMP shows a black screen (I'm assuming this is because there is no actual movie to be seen).

Have a great day:)
Patrick

(I downloaded the POC Test Package from the exploits-db site and extracted it. Then I went into the "Windows" folder and tried the movie in there.)
Anonymous

Sign Up for Free or Log In to start participating in the conversation!