Apple QuickTime RTSP URI Remote Buffer Overflow Vulnerability

Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input prior to copying it to an insufficiently sized stack-based memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.

Attackers exploit this issue by coercing targeted users to access malicious HTML or QTL files or by executing malicious JavaScript code.

QuickTime 7.1.3 is vulnerable to this issue; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus