Computer Security

Security Advisory: [Reversemode Advisory] Apple Quicktime FLIC File Heap Overflow
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Multiple Apple QuickTime security vulnerabilities

  [SA22048] Apple QuickTime Plug-In Local Resource Linking Weakness

  Multiple Vulnerabilities in Apple QuickTime

  US-CERT Technical Cyber Security Alert TA06-256A -- Apple QuickTime Vulnerabilities

  Apple QuickTime Player H.264 Codec Remote Integer Overflow

From:Reversemode <advisories_(at)_reversemode.com>
Date:18.09.2006
Subject:[Reversemode Advisory] Apple Quicktime FLIC File Heap Overflow


Hi,

Apple Quicktime <= 7.1 is prone to a heap overflow vulnerability.

This flaw could lead to a remote code execution,if an attacker tricks
the victim to visit a malicious webpage with a specially crafted .fli
animation embedded.

The flaw is located within the "COLOR_64 chunk" Quicktime parser. Since
proper checking is not performed, a large amount of heap can be
overwritten with controlled values.


Full technical details: Advisory "Apple Quicktime FLIC Heap Overflow" (PDF)
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=
fileinfo&id=25

Proof Of Concept
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=
fileinfo&id=24



References:

http://docs.info.apple.com/article.html?artnum=304357


Greets,
Ruben.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server