[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4478B00B.8000309@comcast.net>
Date: Sat, 27 May 2006 16:01:15 -0400
From: John Richard Moser <nigelenki@...cast.net>
To: bugtraq@...urityfocus.com
Subject: Buffer overflow in QuickTime 7.0.4?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm not sure if this one is known but I see the last buffer overflows
show Quicktime 7.x vulnerable and suggest upgrading to 7.0.4*.
* http://docs.info.apple.com/article.html?artnum=303101
I was downloading Elephant's dream from
http://osaddict.com/files/Elephants_Dream_1024-h264-st-aac.mov on
Windows XP*, and started playing with scrolling past the end of the
movie. This invariably crashes Firefox with the QuickTime player, etc etc.
* http://orange.blender.org/ QuickTime, H.264 / AAC Stereo 1024x576
So I opened the QuickTime Player itself, v7.0.4, and threw it forward to
half-way. I get a dialog box claiming the Microsoft Visual C Runtime
detected a "buffer overflow," and immediately remember-- windows has
stack smash protection now, thanks to the MS Research Glepnir project
looking into StackGuard! I know the basic concept-- canaries on the stack.
So apparently I threw QuickTime 7.0.4 into an overflow again?
The question here is, can anyone else reproduce this one? I don't have
an exact environment or a file for you (it was downloading while it was
going), but just let the download go for a bit and start trying to open
it in QuickTime while it's downloading and scroll past the end.
- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
Creative brains are a valuable, limited resource. They shouldn't be
wasted on re-inventing the wheel when there are so many fascinating
new problems waiting out there.
-- Eric Steven Raymond
We will enslave their women, eat their children and rape their
cattle!
-- Bosc, Evil alien overlord from the fifth dimension
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIVAwUBRHiwCgs1xW0HCTEFAQLdjhAAjh+dcm6CWIpUBLewzQeYf3p+56UmAFAH
Q8O2WwXmU/E9HM5O4jz2cYbSYOLiWnGu32Oqf2qPFhiWh9XF/k7pNd4c+uEMUKaL
0+zMgyXZL8hsVqY90vKqWuFU1r20rbqfanrnZMbrdGP5ApeVbgTtYoJMfnIoy0ow
QqAHAwdtLpVYcFL1FJ/iM8smGYBI8B3pmMd/rmYTeY1bKmho5+3Ei0WQjDicZ2At
aNR6Nlzk/tv3vOJQxMxfXnRwlE1dfPGtWuzkSQK8EFwjEwWJSfkiRD68/PCUaowY
1ziqL3PMUaUVDJc3Cj9sNdpeUTErOfgcsHc06OjxKundp52nznZIG8zGVnPmdAwj
OptiIrCTxkTIhzQA5ZVeBVk0uKb9aSIJWq4oaYemvvsjoM+teVVu4oeGTdepodHA
w9KdKiuUbAmdQRlcXiFk8XvnFbatxs4sKPtnUjVx8Ti+LST6b0G6HjIvOr6hTGz6
bJbm2ln5tozRXsZhThEKIYuB4h/psrREoHTs5ft5cwJG2w3HoeGJL68xkXARfZLc
3K5czeY0AZ/g6q7YF3XdjTraA8a/aM0pChAwximQJPdKerhSaKKYKQI1rf3ajwXY
+I4O2//KDXWFZzgRNNEc2jjDGyo8e0eXz9xfmwPfwRq1KENwToUEOx4CH/EDIDZI
aYKIDtHGFZk=
=aJp3
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists