Quicktime Player HTTP Error Message Buffer Overflow
------------------------------------------------------------------------
SUMMARY
A vulnerability in the way Quicktime displays error messages allows remote
attackers to crash the player and execute arbitrary code. The
vulnerability is triggered by a malformed HTTP response whenever
Quicktime is asked to connect to an RTSP server whose TCP ports 554 and
7070 are closed but not filtered.
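The defensive counterpart of the flaw summarized above, as an added example that is not part of the advisory or of the proof of concept: a client that turns a server's HTTP response into a user-facing error message through a bounded, validated copy. The function name, the buffer sizes, the message wording and the choice of the status line's reason phrase as the displayed text are assumptions; the advisory does not say which part of the response is displayed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ERRMSG_MAX 128 /* assumed size of the error-dialog buffer */
#define REASON_MAX 64  /* assumed cap on server text shown to the user */

/* Hypothetical helper: build dialog text from one HTTP status line.
 * Returns the status code, or -1 if the line is malformed; *truncated is
 * set when server text was cut. It stands in for an unbounded
 * sprintf()/strcpy() of server-controlled text into a fixed buffer. */
int build_http_error(const char *line, char *out, size_t out_size,
                     int *truncated)
{
    char reason[REASON_MAX + 1];
    const char *p = line;
    size_t n = 0;
    int i, r, code = 0;

    *truncated = 0;
    if (out_size == 0)
        return -1;
    out[0] = '\0';
    /* Expect "HTTP/1.x NNN[ reason]"; short-circuiting stops at the NUL. */
    if (strncmp(p, "HTTP/1.", 7) || !isdigit((unsigned char)p[7]) || p[8] != ' ')
        return -1;
    for (p += 9, i = 0; i < 3; i++, p++) {
        if (!isdigit((unsigned char)*p))
            return -1;
        code = code * 10 + (*p - '0');
    }
    if (code < 100 || code > 599 || !strchr(" \r\n", *p))
        return -1; /* strchr() also matches the terminating NUL */
    if (*p == ' ')
        p++;
    /* Bounded copy: at most REASON_MAX bytes, non-printables replaced. */
    for (; *p && !strchr("\r\n", *p) && n < REASON_MAX; p++)
        reason[n++] = isprint((unsigned char)*p) ? *p : '?';
    reason[n] = '\0';
    *truncated = (*p && !strchr("\r\n", *p)); /* input left over: it was cut */
    /* snprintf() never writes past out_size and always terminates. */
    r = snprintf(out, out_size, "Server returned error %d: %s", code, reason);
    if (r < 0 || (size_t)r >= out_size)
        *truncated = 1;
    return code;
}
```

A set truncated flag is worth logging by the caller, since a legitimate server rarely sends error text longer than the cap.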
DETAILS
Vulnerable Systems:
* Quicktime Player version 7.3.1.70 and prior
Exploit:
/*
Copyright 2008 Luigi Auriemma -
http://aluigi.altervista.org/poc/quicktimebof.zip
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
USA
http://www.gnu.org/licenses/gpl.txt
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <stdarg.h>
#include <time.h>
#include <ctype.h>
#include <sys/stat.h>
#ifdef WIN32
#include <direct.h>
#include <ws2tcpip.h>
#include <winsock.h>
#include "winerr.h"
#define close closesocket
#define sleep Sleep
#define in_addr_t uint32_t
#define ONESEC 1000
#else
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <pthread.h>
#define ONESEC 1
#define strnicmp strncasecmp
#define stricmp strcasecmp
#define stristr strcasestr