Apple QuickTime H.263 PictureHeader Remote Code Execution Vulnerability

2010-04-02T00:00:00
ID ZDI-10-036
Type zdi
Reporter Damian Put Anonymous
Modified 2010-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within quicktime.qts when parsing sample data from a malformed .3g2 file that is utilizing the h.263 codec. While parsing data to render the video stream, the application will miscalculate the length of a buffer. Later when decompressing data to the heap chunk, the application will overflow the under allocated buffer leading to code execution under the context of the currently logged in user.