Zero Day Initiative Advisory 10-254

Posted by deepcore on November 18, 2010 – 2:09 am

Zero Day Initiative Advisory 10-254 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the QuickTimeMPEG.qtx module. When handling an ELST atom’s edit list table data large values are not handled properly. Specifically, the media rate field is explicitly trusted and can be abused to control memory copy operations. By specifying a large enough value, an attacker can utilize this to write to an arbitrary address in process memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.

See the rest here:
Zero Day Initiative Advisory 10-254

Tags: Apple, exploit, media, quicktimempeg
This post is under “Apple, exploit, OSX security tools” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Zero Day Initiative Advisory 10-253 Zero Day Initiative Advisory 10-255 »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Zero Day Initiative Advisory 10-254

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL