Apple QuickTime SetLanguage Overflow
Added: 07/25/2012
CVE: CVE-2012-0666
BID: 53577
OSVDB: 81937
Background
Apple QuickTime is a media player for Windows and Mac OS platforms.
Problem
The QuickTime player browser plugin does not properly validate the language field in QT Movie files. If a malicious QT Movie file were opened via a browser, this could trigger a stack overflow and give an attacker the ability to execute arbitrary code on the target's system.
Resolution
Upgrade to Apple QuickTime Player 7.7.2 or higher.
References
http://www.zerodayinitiative.com/advisories/ZDI-12-125/
http://lists.apple.com/archives/security-announce/2012/May/msg00005.html
Limitations
This exploit has been tested against Apple QuickTime 7.7.1 on Windows XP SP3 English (DEP OptIn). The HTML page must be opened using Internet Explorer 8 on the target.
Platforms
Windows