Apple QuickTime TeXML Style Element Buffer Overflow

Added: 12/24/2012
CVE: CVE-2012-3752
BID: 56557
OSVDB: 87087

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

Apple QuickTime 7.7.2 and earlier is vulnerable to remote code execution due to a failure to perform appropriate boundary checking. A remote attacker who persuades a vulnerable user to open a specially crafted TeXML file could execute arbitrary code with the rights of the compromised user.

Resolution

Upgrade to Apple QuickTime 7.7.3 or later.

References

http://support.apple.com/kb/HT5581
http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html

Limitations

This exploit has been tested against Apple Quicktime 7.7.2 on Microsoft Windows XP SP3 English (DEP OptIn).

The user with the vulnerable version of QuickTime must open a specially crafted TeXML file in Internet Explorer 7.

Platforms

Windows

Back to exploit index