>> CATEGORY: XSS

[APPLE]

>> Apple Quicktime 7 Invalid Atom Length Buffer Overflow

USER: deepcore // 2013-07-18 // 0 CMT

This Metasploit module exploits a vulnerability found in Apple Quicktime. The flaw is triggered when Quicktime fails to properly handle the data length for certain atoms such as ‘rdrf’ or ‘dref’ in the Alis record, which may result a buffer overflow by loading a specially crafted .mov file, and allows arbitrary code execution under the context of the user.