1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Quicktime RTSP URI BO

Web Attack: Quicktime RTSP URI BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in Apple QuickTime that allows an attacker to execute arbitrary code.

Additional Information

Apple QuickTime is prone to a remote buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input prior to copying it to an insufficiently sized stack-based memory buffer.

Specifically, URIs with the 'RTSP' scheme containing specifically formatted excessive data will result in a memory buffer being overrun with attacker-supplied data.n n This issue allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.

Attackers exploit this issue by coercing targeted users to access malicious HTML or QTL files, or by executing malicious JavaScript code. Any of these methods allow attackers to launch an excessively long RTSP URI, triggering the issue.

QuickTime version 7.1.3 is vulnerable to this issue; other versions may also be affected.

Affected

  • Apple QuickTime Player 7.1.3

Response

Update to the latest version of Quicktime and ensure that all patches are applied.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube