|
|
|
|
| |
Credit:
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-254/
|
| |
Vulnerable Systems:
* Apple Quicktime
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The flaw exists within the QuickTimeMPEG.qtx module. When handling an ELST atom's edit list table data large values are not handled properly. Specifically, the media rate field is explicitly trusted and can be abused to control memory copy operations. By specifying a large enough value, an attacker can utilize this to write to an arbitrary address in process memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
Patch Availability:
Please refer to the following Apple documents:
Mac OS X 10.6.5: http://support.apple.com/kb/HT4435
QuickTime 7.6.9: http://support.apple.com/kb/HT4447
CVE Information:
CVE-2010-3791
Disclosure Timeline:
2010-07-20 - Vulnerability reported to vendor
2010-11-10 - Coordinated public release of advisory
|
|
|
|
|
