QuickTime MOV file udta Atom buffer overflow

Added: 05/24/2006
CVE: CVE-2006-1460
BID: 17953
OSVDB: 25509

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

A buffer overflow in QuickTime allows command execution by a specially crafted Movie (MOV) file containing a long udta Atom.

Resolution

Upgrade to QuickTime 7.1 or higher.

References

<http://docs.info.apple.com/article.html?artnum=303752&gt;

Limitations

Successful exploitation requires a user to save the movie file and open it in QuickTime. Exploit works on QuickTime 7.0.4. Due to the nature of the vulnerability, the success of the exploit depends on the state of the system.

Platforms

Windows