New QuickTime exploit triggers the same old stack overflow

Posted on: Monday, November 26, 2007 05:26:46 -0700

It would appear a January fix that supposedly protects against malformed URLs to the RTSC protocol of Apple's QuickTime wasn't a complete fix after all.

The US-CERT office of the Dept. of Homeland Security confirmed this morning that an intentionally malformed header sent to the Real Time Streaming Protocol handler of Apple's QuickTime for Windows, and presumably for Mac OS as well, will cause a familiar stack buffer overflow problem that could be exploitable from the outside.

A similar problem was addressed by Apple last January

, when a patch was issued to guard against intentionally malformed URLs sent through RTSP protocol to QuickTime. But now the problem appears to involve overflowing the message header - not the URL to which the message is directed - with garbage characters at the end.

Add Comment

Click this button to add comment to this news.

Add Comment

Note: We reserve the right to remove inapropriate comments (advertisement, spam, etc.).

The above information is copyright of the original owner as indicated by the link to the original source of the information. This information is provided for convenience only and we assume no legal liability for the accuracy, completeness, or usefulness of any information disclosed in the original source.

Any links to other web sites are provided for convenience only. We does not review or monitor the content of those web sites. Links to other internet sites from this site should not be construed as an endorsement of the views contained therein.

Last updated: Monday, November 26, 2007 17:26:46 -0700