CVE-2007-0462
The GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB)...
CVE-2007-0462
The CVE-2007-0462 entry concerns Apple QuickDraw (used by QuickTime 7.1.3 and other apps on Mac OS X 10.4.8 and earlier) with a memory corruption vulnerability in the _GetSrcBits32ARGB function. A crafted PICT image containing a malformed Alpha RGB (ARGB) record can trigger memory corruption, lea...
MOAB-23-01-2007: Apple QuickDraw GetSrcBits32ARGB() Memory Corruption Vulnerability
Summary Apple describes QuickDraw as follows: ...a collection of system software routines that your application can use to perform most image-manipulation operations on Macintosh computers. QuickDraw is integrated in Mac OS X since very early versions, used by Quicktime and any other application...
Mac OS X Security Update 2007-001
The remote host is running a version of Mac OS X 10.3 or 10.4 which does not have Security Update 2007-001 applied. This update fixes a flaw in QuickTime which may allow a rogue website to execute arbitrary code on the remote host by exploiting an overflow in the RTSP URL handler. TRUSTED...
MOAB-01-01-2007: Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow
Summary The following description of the software is provided by vendor Apple: QuickTime 7 makes the future of video crystal clear with new features including user-friendly controls and pristine H.264 video. Upgrade to QuickTime 7 Pro and capture your own movies, then share them with friends and...
Apple QuickTime HREFTrack cross-site scripting
Script can refer to local resources. Vulnerability is used in-the-wild for malware code installation...
MOAB-03-01-2007: Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability
Summary A month ago, a vulnerability in QuickTime was exploited to spread a worm in MySpace. The vulnerability was first published by pdp. In his article, pdp describes how HREFTrack attribute in .mov files can be used for malicious scripting. The MySpace worm abused this vulnerability in a...
quicktime.py.txt
#!/usr/bin/python Port bind exploit for apple quicktime rtsp vulnerability Tested on windows 2000 SP0 and SP4 with quicktime 7.1.3.100. Should be easy to port the exploit to others. All one needs to do is look for the appropriate jump address. Certain characters are not permitted in the shellcode...
Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability
Overview Web browsers running the Apple QuickTime plugin may allow remote web sites to reference content on the local filesystem. This may allow an attacker to execute script within the security context of the local machine. Description Web browser plugins that allow remote web sites to reference...
Apple QuickTime buffer overflow
Buffer overflow on oversized rtsp:// URLs...
US-CERT Technical Cyber Security Alert TA07-005A -- Apple QuickTime RTSP Buffer Overflow
National Cyber Alert System Technical Cyber Security Alert TA07-005A Apple QuickTime RTSP Buffer Overflow Original release date: January 05, 2007 Last revised: -- Source: US-CERT Systems Affected Apple QuickTime on systems running Apple Mac OS X...
Cross site scripting
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a loca...
CVE-2007-0059
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a loca...
CVE-2007-0059
CVE-2007-0059 is a cross-zone scripting vulnerability in Apple QuickTime 3–7.1.3. A QuickTime movie (.MOV) with an HREF Track that contains an automatic action tag with a local URI can execute in the local zone during preview, enabling remote user-assisted execution and the ability to list files...
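Apple QuickTime RTSP URI Remote Buffer Overflow Vulnerability
Apple QuickTime is a popular media player. Apple QuickTime has a buffer overflow in its handling of RTSP URIs; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application process. The problem lies in the rtsp:// URL handler: by supplying a special string of the form rtsp://random + colon + 299 bytes of padding and payload, and using HTML, JavaScript or a QTL file to induce the user to parse it, a stack-based buffer overflow can be triggered, which can lead to arbitrary instruction execution. Apple QuickTime Player 7.1.3 No solution is currently available: http://www.apple.com/quicktime/ #!/usr/bin/ruby...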
Apple Quicktime (rtsp URL Handler) Buffer Overflow Exploit (win2k)
No description provided by source. #!/usr/bin/python Port bind exploit for apple quicktime rtsp vulnerability Tested on windows 2000 SP0 and SP4 with quicktime 7.1.3.100. Should be easy to port the exploit to others. All one needs to do is look for the appropriate...
QuickTime rtsp src URL buffer overflow
Added: 01/04/2007 CVE: CVE-2007-0015 BID: 21829 OSVDB: 31023 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow in QuickTime allows command execution when a user opens a specially crafted QTL file containing a long src parameter starting with rtsp:/...
MOAB-01-01-2007.rb.txt
#!/usr/bin/ruby Copyright c LMH Kevin Finisterre Notes: Our command string is loaded on memory at a static address normally, but this depends on execution method and the string length. The address set in this exploit will be likely successful if we open the resulting QTL file directly, without...