Signature Detail

HTTP: Apple QuickTime Malformed SMIL File

This signature detects attempts to exploit a known vulnerability against Apple QuickTime media player. Ir is due to a boundary error in the QuickTimeStreaming.qtx file while writing a debug log error. Remote attackers can exploit this by enticing target users to open a crafted SMIL file containing an overly long URL. Successful exploitation can result in arbitrary code injection and execution with the privileges of the logged in user. In case of an unsuccessful exploit, the application would terminate abnormally.

Extended Description

Apple QuickTime is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. QuickTime 7.6.6 (1671) for Windows is vulnerable; other versions may also be affected.

Affected Products

• Apple QuickTime Player 7.0.0
• Apple QuickTime Player 7.0.1
• Apple QuickTime Player 7.0.2
• Apple QuickTime Player 7.0.3
• Apple QuickTime Player 7.0.4
• Apple QuickTime Player 7.0.8
• Apple QuickTime Player 7.1
• Apple QuickTime Player 7.1.1
• Apple QuickTime Player 7.1.2
• Apple QuickTime Player 7.1.3
• Apple QuickTime Player 7.1.4
• Apple QuickTime Player 7.1.5
• Apple QuickTime Player 7.1.6
• Apple QuickTime Player 7.2
• Apple QuickTime Player 7.2.0
• Apple QuickTime Player 7.2.1
• Apple QuickTime Player 7.3
• Apple QuickTime Player 7.3.1
• Apple QuickTime Player 7.3.1.70
• Apple QuickTime Player 7.4
• Apple QuickTime Player 7.4.1
• Apple QuickTime Player 7.4.5
• Apple QuickTime Player 7.5
• Apple QuickTime Player 7.5.5
• Apple QuickTime Player 7.6
• Apple QuickTime Player 7.6.1
• Apple QuickTime Player 7.6.2
• Apple QuickTime Player 7.6.4
• Apple QuickTime Player 7.6.5
• Apple QuickTime Player 7.6.6
• Apple QuickTime Player 7.6.6 (1671)

References

• BugTraq: 41962
• CVE: CVE-2010-1799