The vulnerability exists within the QuickTimeVR.qtx component when processing a QTVRStringAtom with an overly large "stringLength" parameter. This can be exploited to cause a buffer overflow and execute arbitrary code in the context of the user running the application. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7 or 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The vulnerability exists within the way QuickTime handles the PnSize PICT opcode. It converts an unsigned 16-bit value into a signed 32-bit value, which is later used as the size parameter for a memory copy function that copies from the file onto the stack. This results in a stack-based buffer overflow that allows remote code execution in the context of the current user.
A buffer overflow in the Apple QuickTime plugin allows remote attackers to execute arbitrary code via a specially crafted MIME type. This module runs a web server waiting for vulnerable clients (Safari 5.7.1) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in Java QuickTime (QtJava.dll), specifically the routine toQTPointer() exposed through quicktime.util.QTHandleRef. A lack of sanity checking on the parameters passed to this routine, through the Java Virtual Machine (JVM), allows an attacker to write arbitrary values to memory. This module runs a web server waiting for vulnerable clients (on Windows: Opera, Firefox and Internet Explorer; on Mac OS X: Safari) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
A buffer overflow occurs when QuickTime fails to properly handle the data length for certain atoms, such as 'rdrf' or 'dref', in the Alis record while loading a specially crafted .MOV file. This module runs a web server waiting for vulnerable clients (Internet Explorer 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in ATSServer, reachable through Quick Look, Safari, Apple Mail and Preview, which allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. The module will send an e-mail with an attached .pdf file. This file will deploy an agent when opened by the user. Additionally, the module will allow users to download the malformed .pdf file from Core Impact's web server. The module can also drop a specially crafted PDF file in a local folder of the user's choice; this file can later be placed in a shared folder. In that case, exploitation will occur just by visiting the folder in which the file is stored.
Apple iTunes is prone to a buffer-overflow vulnerability when handling playlists because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in Apple iTunes caused by a boundary error in the processing of m3u files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.