Apple QuickTime Player Remote Heap Overflow

To: SBUGTRAQ <bugtraq@xxxxxxxxxxxxxxxxx>, dailydave@xxxxxxxxxxxxxxxxxxxxx, FULLDISC <full-disclosure@xxxxxxxxxxxxxxxxx>, vuln@xxxxxxxxxxx
Subject: Apple QuickTime Player Remote Heap Overflow
From: Piotr Bania <bania.piotr@xxxxxxxxx>
Date: Tue, 06 Mar 2007 05:08:30 +0100
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding; b=eGJbqEYWqHQty1G1zOD82+py8bpezfTIWi/ecA22qNeTWeEfqbo+6kXpQ1OaRcmH0f6CC1MtegGiWZJRTSVhSJoOzglN92WktC8KyLXsbJ0kWeEcCKpHZvR3Abv7+aQ7Io0MjK6ThMgxkZTdUI7S7cpf3lpI78AOZZG/f+tZvNs=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding; b=NyPKdK4rhW8zi4/XzmZwpvINjrRKtdKP+3Sy3guVn4BsfaNlSWGruXvZdC3wYX/iKw//2h2Xu5VZJP3fKsLmW65TyWKqESaQw+Rqsz2NtHvAmMD1moThJNBIGoYq34vezpIw9mN8K2HeNYS9SgupePZW5VmnR5KYBco+56rqzgM=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 1.5.0.9 (Windows/20061207)


        Apple QuickTime Player Remote Heap Overflow
        by Piotr Bania <bania.piotr@xxxxxxxxx>
        http://www.piotrbania.com
        All rights reserved.


        Severity:       Critical - potencial remote code execution.


        Software affected:      Tested on QucikTime 7.1 (Windows
                                version), with  all newest add-ons.


        Timeline:               03/09/2006 Vulerability sent to the
                                vendor.
                                03/09/2006 Initial vendor response.
                                06/03/2007 Security bulletin released.


        Full advisory at:
        http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt



best regards,
pb
        
--
--------------------------------------------------------------------
Piotr Bania - <bania.piotr@xxxxxxxxx> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A  BFA4 1FF6 689F BE43 AC33
http://www.piotrbania.com  - Key ID: 0xBE43AC33
--------------------------------------------------------------------

              - "The more I learn about men, the more I love dogs."

Prev by Date: RE: Wordpress <= v2.1.0
Next by Date: Re: Wordpress <= v2.1.0
Previous by thread: iDefense Security Advisory 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability
Next by thread: Apple QuickTime udta ATOM Integer Overflow
Index(es):
- Date
- Thread