Network Security Vuln-Dev

Buffer overflow in QuickTime 7.0.4?

Subject: Buffer overflow in QuickTime 7.0.4?
Date: Sat, 27 May 2006 16:01:15 -0400
I'm not sure if this one is known but I see the last buffer overflows
show QuickTime 7.x vulnerable and suggest upgrading to 7.0.4*.

* http://docs.info.apple.com/article.html?artnum=303101

I was downloading Elephants Dream from
http://osaddict.com/files/Elephants_Dream_1024-h264-st-aac.mov on
Windows XP*, and started playing with scrolling past the end of the
movie.  This invariably crashes Firefox with the QuickTime player, etc etc.

* http://orange.blender.org/ QuickTime, H.264 / AAC Stereo 1024x576

So I opened the QuickTime Player itself, v7.0.4, and threw it forward to
half-way.  I get a dialog box claiming the Microsoft Visual C Runtime
detected a "buffer overflow," and immediately remember-- Windows has
stack smash protection now, thanks to the MS Research Glepnir project
looking into StackGuard!  I know the basic concept-- canaries on the stack.

So apparently I threw QuickTime 7.0.4 into an overflow again?

The question here is, can anyone else reproduce this one?  I don't have
an exact environment or a file for you (it was downloading while it was
going), but just let the download go for a bit and start trying to open
it in QuickTime while it's downloading and scroll past the end.

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

    Creative brains are a valuable, limited resource. They shouldn't be
    wasted on re-inventing the wheel when there are so many fascinating
    new problems waiting out there.
                                                 -- Eric Steven Raymond

    We will enslave their women, eat their children and rape their
    cattle!
                  -- Bosc, Evil alien overlord from the fifth dimension

  • Buffer overflow in QuickTime 7.0.4?, John Richard Moser <=