1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Apple QuickTime Streaming BO

HTTP Apple QuickTime Streaming BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature will detect attempts to exploit a buffer overflow vulnerability in Apple QuickTime.

Additional Information

Apple QuickTime is a media player that supports multiple file formats.

QuickTime is prone to a stack-based buffer-overflow vulnerability in the 'QuickTimeStreaming.qtx' library when constructing a string to write to a debug log file. Attackers can exploit this issue with a specially crafted 'SMIL' file containing an overly long URL.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

QuickTime 7.6.6 (1671) for Windows is vulnerable; other versions may also be affected.

Affected

  • Various

Response

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: vuldb@securityfocus.com.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube