Blog
Jan 15, 2010
Multiple Media Player HTTP DataHandler Overflow
Multiple Media Player HTTP DataHandler Overflow submitted to Exploit-db.
2 min read
We recieved an interesting submission today at exploit-db from Dr_IDE. We have verified that both Quicktime and Itunes crash on Windows and OSX. The description reads:
“There is a widespread failure in the way that (.MOV) files are handled by the Quicktime Library. I have attempted to compound my findings on this issue.
Nearly every (.MOV) enabled application that I tested fell victim to this exploit. This is a local memory corruption vulnerability in the way these programs process a malformed file. I have provided crash logs, register dumps where applicable, sample script and trigger file.
Memory Corruption is repeatable and code execution seems possible. Because this issue affects web browsers it seems that the attack vector will be both Local and Remote.
It should be noted these applications are all registered by default as registered applications for this file type. There is no trickery involved in order to enable these programs to open the malicious file.”
Check it here
Cybersecurity leader resources
Sign up for the Secure Leader and get the latest info on industry trends, resources and best practices for security leaders every other week
Latest from OffSec
Enterprise Security
The Role of Leadership in Cultivating a Resilient Cybersecurity Team
Learn about the role that leadership plays in cultivating a resilient cybersecurity team.
Sep 13, 2024
5 min read
Community Spotlight
Navigating the Leap: My Journey from Software Engineering to Offensive Security
A software engineer’s journey into offensive security, sharing insights and tips for transitioning careers and thriving in the infosec field.
Sep 13, 2024
17 min read
OffSec News
Become a Certified Threat Hunter with OffSec’s New Foundational Threat Hunting Course (TH-200)
Everything you need to know about OffSec’s new course and certification – TH:200 – Foundational Threat Hunting.
Sep 9, 2024
4 min read