QuickTime PICT PnSize Stack Overflow

Added: 08/29/2011
CVE: CVE-2011-0257
BID: 49144
OSVDB: 74687

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

Apple QuickTime versions prior to 7.7 are vulnerable to a stack overflow caused by improper validation of very large values in the PnSize field of PICT files.

Resolution

Upgrade to Apple QuickTime 7.7 or later.

References

http://support.apple.com/kb/HT4826
http://www.zerodayinitiative.com/advisories/ZDI-11-252/

Limitations

This exploit has been tested against Apple QuickTime Player 7.6.9 on Windows XP SP3 English (DEP OptIn).

Platforms

Windows
