Apple QuickTime SetLanguage Overflow

2012-07-25T00:00:00
ID SAINT:EBA48713AF799D0D975192E68AF89AB3
Type saint
Reporter SAINT Corporation
Modified 2012-07-25T00:00:00

Description

Added: 07/25/2012
CVE: CVE-2012-0666
BID: 53577
OSVDB: 81937

Background

Apple QuickTime is a media player for Windows and Mac OS platforms.

Problem

The QuickTime player browser plugin does not properly validate the language field in QT Movie files. Opening a malicious QT Movie file in a browser could trigger a stack overflow and allow an attacker to execute arbitrary code on the target's system.

Resolution

Upgrade to Apple QuickTime Player 7.7.2 or higher.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-125/>
<http://lists.apple.com/archives/security-announce/2012/May/msg00005.html>

Limitations

This exploit has been tested against Apple QuickTime 7.7.1 on Windows XP SP3 English (DEP OptIn). The HTML page must be opened using Internet Explorer 8 on the target.

Platforms

Windows