QuickTime Movie File dref Atom Handling Buffer Overflow

Added: 08/01/2013
CVE: CVE-2013-1017
BID: 60097
OSVDB: 93625

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

Apple QuickTime before 7.7.4 is vulnerable to remote code execution due to a failure to perform appropriate validation of user supplied input. A remote attacker who persuades a vulnerable user to open a movie file with specially crafted dref atoms could execute arbitrary code with the rights of the compromised user.

Resolution

Upgrade to Apple QuickTime 7.7.4 or later.

References

http://support.apple.com/kb/HT5770

Limitations

This exploit was tested against Apple QuickTime 7.7.3 on Windows XP SP3 English (DEP OptIn).

The user must open the exploit in Internet Explorer 8.

Platforms

Windows

Back to exploit index