Buffer overflow in Quicktime

Published: 2010-01-17
Last Updated: 2010-01-17 21:25:12 UTC
by Rick Wanner (Version: 2)
2 comment(s)

A Dutch reader, G. Smit, gave us a heads-up about a remotely exploitable vulnerability in Quicktime which can be exploited through malformed .mov files.

Some information is available at the Offensive-security blog and, in Dutch, at security.nl; Fortiguard also shows the vulnerability. Securityfocus has also updated Bugtraq 32540.

Although neither Fortiguard nor Securityfocus shows the latest version of Quicktime, 7.6.5, as being vulnerable, we are getting reports that the exploit crashes 7.6.5.

-- Rick Wanner - rwanner at isc dot sans dot org

Comments

Securityfocus lists the latest vulnerable version of Quicktime as Apple QuickTime Player 7.6.4. The latest version available (at the time of writing this comment) from Apple's website for Windows is Apple QuickTime Player 7.6.5.

I just tested this on QuickTime 7.6.5, iTunes 9.0.2.25 (according to Apple Software Update these are the latest versions), and Windows Media Player -- all in Windows 7 Ultimate with UAC at its default...

iTunes crashes and submits the information to Microsoft.

QuickTime closes without any errors or anything (I had to watch it in Task Manager to confirm that it even opened).

WMP shows a black screen (I'm assuming this is because there is no actual movie to be seen).

Have a great day :)
Patrick

(I downloaded the POC Test Package from the exploits-db site and extracted it. Then I went into the "Windows" folder and tried the movie in there.)
