Apple QuickTime Streaming Debug Error Logging Buffer Overflow

Added: 08/05/2010
BID: 41962
OSVDB: 66636

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

Apple QuickTime is vulnerable to a stack buffer overflow in QuickTimeStreaming.qtx when processing specially crafted SMIL files. The crafted SMIL files contain an invalid and over-long URL, which prompts QuickTime to write the URL to the error log using a buffer that is too small.

Resolution

Upgrade to a QuickTime version newer than QuickTime 7.6.6 (1671) when it becomes available.

References

http://secunia.com/advisories/40729/

Limitations

Exploit works on Apple QuickTime 7.6.6. It may take longer than usual to establish a shell session because of heap spraying.

Platforms

Windows

Back to exploit index