Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • October 23, 2016, 11:17:44 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Vuln. Alert: QuickTime/iTunes Zero-Day BOF/RCE  (Read 2027 times)


  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Vuln. Alert: QuickTime/iTunes Zero-Day BOF/RCE
« on: September 19, 2008, 04:23:26 PM »
Amazing that these things can still happen. The exploit uses an atypically long string to cause the application crash (please note the use of "denial of service" in the second link) and potentially allow arbitrary remote code execution on the effected machine.

Screenshot - 20_09_2008 , 7_19_35 AM_thumb.png

A hacker has released attack code that exploits an unpatched vulnerability in Apple Inc.'s QuickTime, just a week after the company updated the media player to plug nine other serious vulnerabilities, a security researcher said Wednesday.

The exploit, which was published on the milw0rm.com site Tuesday, takes advantage of a flaw in the "<? quicktime type= ?>" parameter in QuickTime, which is not prepared to handle excessively-long strings, said Aaron Adams, a researcher with Symantec Corp.'s DeepSight threat notification network.

Full Story
Full Story 2