QuickTime buffer overflow vulnerability reported

CNET staff

Secunia reports on a newly discovered QuickTime buffer overflow vulnerability that has been confirmed for version 7.x.x of the multimedia software for Windows, and is also thought to affect the Mac OS X version.

Secunia's description states:

"The vulnerability is caused due to a boundary error when handling RTSP URLs. This can be exploited to cause a stack-based buffer overflow via a specially crafted QTL file with an overly long (more than 256 bytes) "src" parameter (e.g. "rtsp://[any character]:[>256 bytes]"). [...] Successful exploitation allows execution of arbitrary code."

The Month of Apple Bugs Web site claims that the only current workarounds are to disable RTSP handling or uninstall QuickTime, neither of which is a tenable option for Mac OS X.
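A screening check for the condition in Secunia's description, as an added example that is not from the original article, Secunia, or Apple: it scans the raw bytes of a QTL file and flags any rtsp:// "src" value longer than 256 bytes. The function names, the `<embed src=...>` layout of the sample files, and the choice to measure the whole attribute value are assumptions of this example; the sample inputs are constructed.

```python
import re

LIMIT = 256  # byte threshold quoted in Secunia's description

# Match src="..." or src='...' on raw bytes, so a file that is not
# well-formed XML (and that a strict parser would reject) is still inspected.
SRC_ATTR = re.compile(rb"""\bsrc\s*=\s*(["'])(.*?)\1""", re.I | re.S)


def scan_qtl(data, limit=LIMIT):
    """Return one finding per rtsp:// src value longer than `limit` bytes."""
    findings = []
    for m in SRC_ATTR.finditer(data):
        value = m.group(2).strip()
        if value[:7].lower() != b"rtsp://" or len(value) <= limit:
            continue
        # Part after the first ':' following the scheme, i.e. the
        # "[>256 bytes]" portion of the shape quoted in the advisory.
        _, sep, tail = value[7:].partition(b":")
        findings.append({
            "offset": m.start(2),            # where the value starts in the file
            "src_bytes": len(value),         # total length of the src value
            "tail_bytes": len(tail) if sep else 0,
            "matches_quoted_shape": bool(sep) and len(tail) > limit,
        })
    return findings


def make_qtl(src):
    """Build a constructed sample QTL document around a src value."""
    return (b'<?xml version="1.0"?>\n'
            b'<?quicktime type="application/x-quicktime-media-link"?>\n'
            b'<embed src="' + src + b'" autoplay="true" />\n')


# Constructed samples: an ordinary link and one with an overlong src value.
BENIGN = make_qtl(b"rtsp://media.example.com/stream.mov")
OVERLONG = make_qtl(b"rtsp://x:" + b"A" * 300)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("overlong", OVERLONG)):
        print(name, scan_qtl(sample))
```

The check measures bytes rather than characters and flags on length alone, so an unusually long legitimate RTSP URL would also be reported for review.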

A proof of concept for this vulnerability, which can be run with a Ruby interpreter, can be found on this page.

Feedback? Late-breakers@macfixit.com.
