The vulnerability exists within the QuickTimeVR.qtx component when processing a QTVRStringAtom having an overly large "stringLength" parameter. This can be exploited to cause a based buffer overflow and execute arbitrary code under the context of the user running the application. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7 or 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The vulnerability exists within the way Quicktime handles the PnSize PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit value, this is later used as the size parameter for a memory copy function that copies from the file onto the stack. The results in a stack based buffer overflow that allows for remote code execution under the context of the current user.
A buffer overflow in the Apple QuickTime plugin allows remote attackers to execute arbitrary code via a specially crafted MIME type. This module runs a web server waiting for vulnerable clients (Safari 5.7.1) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in Java QuickTime (QtJava.dll),specifically the routine toQTPointer() exposed through quicktime.util.QTHandleRef. A lack of sanity checking on the parameters passed to this routine, through the Java Virtual Machine (JVM), allows an attacker to write arbitrary values to memory. This module runs a web server waiting for vulnerable clients (In Windows ,Opera, Firefox and Internet Explorer and in Mac Os X in Safari Browser) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Buffer Overflow when Quicktime fails to properly handle the data length for certain atoms such as 'rdrf' or 'dref' in the Alis record by loading a specially crafted .MOV file. This module runs a web server waiting for vulnerable clients (Internet Explorer 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in Apple iTunes which is caused due to a boundary error in the processing of m3u files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
The application is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue occurs when a long ITMS URI is supply to Firefox Browser, this redirect the petition to Apple Itunes. An attacker can exploit this issue by enticing a vulnerable user into connecting to a malicious HTTP server or opening a specially crafted URI that contains an excessively long hostname. This module runs a web server waiting for vulnerable clients (Apple iTunes in Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Subscribe to Windows