Lucene search

K
zdiMatt "j00ru" JurczykZDI-11-315
HistoryOct 27, 2011 - 12:00 a.m.

Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability

2011-10-2700:00:00
Matt "j00ru" Jurczyk
www.zerodayinitiative.com
22

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.061 Low

EPSS

Percentile

93.6%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. Quicktime fails to correctly checking the decompression size when decoding the RLE data. This allowes for a 4 byte overwrite past the end of the buffer which could result into remote code execution under the context of the current user.

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.061 Low

EPSS

Percentile

93.6%