Zero Day Initiative Advisory 10-255

Posted by deepcore on November 18, 2010 – 2:09 am

Zero Day Initiative Advisory 10-255 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the quicktime.qtx. When handling the m1s atom an integer value is used as an offset into a buffer. Minimal validation is done and an attacker can supply a negative value. This can be used to write to an arbitrary address in process memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.

Tags: Apple, exploit, remote-attacker, user
This post is under “Apple, exploit, OSX security tools” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Zero Day Initiative Advisory 10-254 Secunia Security Advisory 42264 »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Zero Day Initiative Advisory 10-255

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL