Zero Day Initiative Advisory 10-260

Posted by deepcore on December 8, 2010 – 8:15 pm

Zero Day Initiative Advisory 10-260 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that a user must be coerced into visiting a malicious page or opening a malicious file. The specific flaw exists within Apple’s support for Panoramic Images and occurs due to the application trusting a particular field for calculation of an offset. Due to the field being treated as a signed integer, the calculated offset can result in a pointer outside the bounds of the expected buffer. Upon usage of this out-of-bounds pointer, the application will write proceed to write image data to the invalid location. Successful exploitation can lead to code execution under the context of the application.

View post:
Zero Day Initiative Advisory 10-260

Tags: Apple, exploit, page-or-opening, Vulnerability
This post is under “Apple, exploit, OSX security tools” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Zero Day Initiative Advisory 10-259 Zero Day Initiative Advisory 10-261 »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Zero Day Initiative Advisory 10-260

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL