Vigil@nce - Apple QuickTime : buffer overflow via QuickTimePlayer.dll
septembre 2011 par Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to display a malicious document
with Apple QuickTime, in order to create a denial of service, and
possibly to execute code.
Severity : 2/4
Creation date : 07/09/2011
IMPACTED PRODUCTS
– Apple QuickTime
DESCRIPTION OF THE VULNERABILITY
The QuickTimePlayer.dll ActiveX is used to visualize QuickTime
documents from Internet Explorer.
The OpenURL() method of this ActiveX opens an url. However, if
this url is too long, an overflow occurs.
An attacker can therefore invite the victim to display a malicious
document with Apple QuickTime, in order to create a denial of
service, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apple-QuickTime-buffer-overflow-via-QuickTimePlayer-dll-10972