QuickTime plugin MIME type buffer overflow

Added: 11/16/2012
CVE: CVE-2012-3753
BID: 56438
OSVDB: 87088

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

A buffer overflow vulnerability in the QuickTime plugin allows command execution when a malicious web site sends a long, specially crafted MIME type.

Resolution

Upgrade to QuickTime 7.7.3 or higher.

References

http://support.apple.com/kb/HT5581

Limitations

The exploit works against QuickTime 7.7.2 on Windows XP SP3 English (DEP OptIn) with Firefox 3.6.25 and 14.0.1, and requires a user to open the exploit page in Firefox.

Platforms

Windows
