Apple QuickTime RTSP URL Buffer Overflow
Vendor:
Apple
Application:
QuickTime 7.1.3 and earlier
Description:
A stack-based buffer overflow occurs when processing a long rtsp:// URL within a QTL file, which is an XML document laid out like the following, according to the published proof-of-concept:
This malicious QTL file may be hosted on a web site, allowing exploitation across the internet. Other attack vectors that reach the same vulnerable code in QuickTime may also be possible, and may require less user interaction than this published proof-of-concept.
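A defender-side check for the condition described above, as an added example that is not from the original advisory or the published proof-of-concept: it flags QTL content whose `src` attribute carries an over-long rtsp:// URL. The `<embed src=...>` layout, the 256-byte threshold, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re

# Assumption: the advisory only says "long"; 256 bytes is a constructed
# triage threshold, not a value taken from the advisory or from QuickTime.
MAX_RTSP_URL_LEN = 256

# Marker that identifies a QuickTime media link file (assumed QTL layout).
_QTL_PI_RE = re.compile(rb"<\?quicktime\s+type\s*=", re.IGNORECASE)

# Match src="rtsp://..." or src='rtsp://...' with a regex instead of an XML
# parser: a hostile file need not be well-formed, and an unterminated quote
# (value runs to end of file) must still be measured.
_SRC_RE = re.compile(rb"""src\s*=\s*(["'])(rtsp://.*?)(?:\1|\Z)""",
                     re.IGNORECASE | re.DOTALL)


def is_qtl(data: bytes) -> bool:
    """True if the content carries the QuickTime processing instruction."""
    return _QTL_PI_RE.search(data) is not None


def find_long_rtsp_urls(data: bytes, limit: int = MAX_RTSP_URL_LEN):
    """Return (offset, length) for each rtsp:// src value longer than limit."""
    hits = []
    for m in _SRC_RE.finditer(data):
        url = m.group(2)
        if len(url) > limit:
            hits.append((m.start(2), len(url)))
    return hits


# Constructed sample inputs (filler bytes only, no payload).
_HEADER = (b'<?xml version="1.0"?>\n'
           b'<?quicktime type="application/x-quicktime-media-link"?>\n')
BENIGN = _HEADER + b'<embed src="rtsp://media.example.com/stream.mov" />\n'
SUSPECT = _HEADER + b'<embed src="rtsp://' + b"A" * 1000 + b'" />\n'
UNTERMINATED = _HEADER + b"<embed src='rtsp://" + b"B" * 300

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT),
                         ("unterminated", UNTERMINATED)):
        print(name, is_qtl(sample), find_long_rtsp_urls(sample))
```

The same function can be pointed at file bytes from a mail gateway, web proxy or endpoint sweep; tune the threshold to the longest legitimate rtsp:// URL seen in your environment.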
Severity:
High
Remote Code Execution:
Yes
http://research.eeye.com/html/alerts/zeroday/20070101.html
http://projects.info-pull.com/moab/MOAB-01-01-2007.html
http://www.milw0rm.com/exploits/3064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015
http://www.milw0rm.com/exploits/3072