Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Multiple Media Players ((iTunes / QuickTime) - HTTP DataHandler Overflow

🗓️ 15 Jan 2010 00:00:00Reported by Dr_IDEType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 35 Views

Widespread failure in QuickTime Library for handling .MOV files causing memory corruption vulnerability in multiple media player

Code
ScaryMovie Exploit Study
By: Dr_IDE
October, 2009

There is a widespread failure in the way that (.MOV) files are handled by the Quicktime Library. I have attempted to compound my findings on this issue. 

Nearly every (.MOV) enabled application that I tested fell victim to this exploit. This is a local memory corruption vulnerability in the way these programs process a malformed file. I have provided crash logs, register dumps where applicable, sample script and trigger file.

Memory Corruption is repeatable and code execution seems possible. Because this issue affects web browsers it seems that the attack vector will be both Local and Remote.

It should be noted these applications are all registered by default as registered applications for this file type. There is no trickery involved in order to enable these programs to open the malicious file.

List of affected programs that I have verified:
-Tested on Snow Leopard 10.6.1 (All updates as of 10/07/09)
Apple Products (OSX):
	Finder.app              		(Built-in OSX)
 	Garageband 09			        (Latest)
	Grapher.app             		(Built-in OSX)	
	iMovie 8.0				(Latest)
 	iPhoto 8.0                		(Latest)
	iTunes 9.0.1				(Latest)
	iWeb					(Latest)
	Keynote 5.0.3 (791)			(Latest)
	Numbers 2.0.3 (332)		        (Latest)
	Pages 4.0.3 (766)			(Latest)
	Safari 4.0.3				(Latest)
 	Quicktime Player 10       		(Latest)

Third Party Applications (OSX):
 	Cellulo 2.0.2             		(Latest)
	Excel 2008				(Latest)
	HexEdit 2.2				(Latest)
	Mozilla Firefox 3.5.3(OSX)		(Latest)
	Powerpoint 2008			        (Latest)
	VLC 1.0.2 (OSX)			        (Latest)
 	WidescreenPlayer          		(Latest)
	Word 2008				(Latest)
Windows XP Service Pack 3:
	iTunes 9.0.1.8             		(Latest)
	Quicktime 7.3.4            		(Latest)
	MediaPlayerClassic 6.4.9.1	        (Latest)

Not Vulnerable:
	VLC 1.0.2 on Windows seems to not be vulnerable to this.
	Firefox 3.5.3 on Windows crashed once but not reliably.

PoC Packagetx:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/11142.zip (Dr_IDE_ScaryMovie_Study.zip)

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Jan 2010 00:00Current
7.4High risk
Vulners AI Score7.4
quicktime library.mov filesmemory corruptionvulnerabilitymedia playerslocal and remote attack vectorosxwindows xp service pack 3vulnerable programsnon-vulnerable programsexploit study
35