Secunia Advisory SA40729
Release Date: 2010-07-26
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Apple QuickTime 7.x
Description
Krystian Kloskowski has discovered a vulnerability in QuickTime Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error in QuickTimeStreaming.qtx when constructing a string to write to a debug log file. This can be exploited to cause a stack-based buffer overflow, e.g. by tricking a user into viewing a specially crafted web page that references a SMIL file containing an overly long URL.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 7.6.6 (1671) for Windows. Other versions may also be affected.
Solution
A patch or updated version is not currently available.
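With no patch listed, one way to triage SMIL files at a proxy or mail gateway is to flag any attribute value of unusual length for review. The following is an added example, not part of the Secunia advisory; the function name, the 1024-character threshold and the sample document are assumptions made for illustration, since the advisory does not state the overflow length or the affected attribute.

```python
import re

# Assumption: the advisory does not state the overflow length, so this
# threshold is a triage value chosen for the example, not a documented limit.
MAX_URL_LEN = 1024

# A start tag: element name followed by its attribute text. Quoted values are
# consumed whole so a '>' inside a value does not end the tag early.
TAG_RE = re.compile(r"""<([A-Za-z_][\w:.-]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>""")
# name="value" or name='value' inside a tag. Regexes are used instead of an
# XML parser so that malformed files are still inspected.
ATTR_RE = re.compile(r"""([A-Za-z_][\w:.-]*)\s*=\s*(?:"([^"]*)"|'([^']*)')""")


def long_smil_attributes(smil_text, max_len=MAX_URL_LEN):
    """Return (element, attribute, length) for each quoted attribute value
    longer than max_len characters, in document order."""
    findings = []
    for tag in TAG_RE.finditer(smil_text):
        element, attrs = tag.group(1), tag.group(2)
        for m in ATTR_RE.finditer(attrs):
            value = m.group(2) if m.group(2) is not None else m.group(3)
            if len(value) > max_len:
                findings.append((element, m.group(1), len(value)))
    return findings


# Constructed sample: one ordinary media reference and one oversized URL.
SAMPLE = (
    '<smil><body>'
    '<video src="rtsp://media.example/clip.mov"/>'
    '<img src="http://media.example/' + "A" * 2000 + '"/>'
    '</body></smil>'
)

if __name__ == "__main__":
    for element, attribute, length in long_smil_attributes(SAMPLE):
        print(f"review: <{element}> {attribute} is {length} characters long")
```

A finding only marks a file for inspection; values in unterminated quotes are not matched by this check.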
Security Bulletin