Apple QuickTime Streaming Debug Error Logging Buffer Overflow

2010-08-05T00:00:00
ID SAINT:306CA293A18FB6BD4CD6F9679E3070AF
Type saint
Reporter SAINT Corporation
Modified 2010-08-05T00:00:00

Description

Added: 08/05/2010
BID: 41962
OSVDB: 66636

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

Apple QuickTime is vulnerable to a stack buffer overflow in **QuickTimeStreaming.qtx** when processing specially crafted **SMIL** files. The crafted SMIL files contain an invalid and over-long URL, which prompts QuickTime to write the URL to the error log using a buffer that is too small.

Resolution

Upgrade to a QuickTime version newer than QuickTime 7.6.6 (1671) when it becomes available.

References

<http://secunia.com/advisories/40729/>

Limitations

Exploit works on Apple QuickTime 7.6.6. ** It may take longer than usual to establish a shell session because of heap spraying.

Platforms

Windows

**