• Apple Quicktime 7 Invalid Atom Length Buffer Overflow
    Disclosure Date: 2013-05-22
    First seen: 2020-04-26
    exploit/windows/browser/apple_quicktime_rdrf
    This module exploits a vulnerability found in Apple QuickTime. The flaw is triggered when QuickTime fails to properly handle the data length for certain atoms such as 'rdrf' or 'dref' in the Alis record, which may result in a buffer overflow when a specially crafted .mov file is loaded, and allows arbitrary code execution under the context of the current user.
    Authors: Jason Kratzer, Tom Gallagher, Paul Bates, sinn3r <sinn3r@metasploit.com>
  • Apple Quicktime 7 Invalid Atom Length Buffer Overflow
    Disclosure Date: 2013-05-22
    First seen: 2020-04-26
    exploit/windows/fileformat/apple_quicktime_rdrf
    This module exploits a vulnerability found in Apple QuickTime. The flaw is triggered when QuickTime fails to properly handle the data length for certain atoms such as 'rdrf' or 'dref' in the Alis record, which may result in a buffer overflow when a specially crafted .mov file is loaded, and allows arbitrary code execution under the context of the current user. Please note: Since an egghunter is used to search for the payload, this may require additional time for the exploit to complete.
    Authors: Jason Kratzer, Tom Gallagher, Paul Bates, sinn3r <sinn3r@metasploit.com>
  • Apple QuickTime 7.7.2 TeXML Style Element font-table Field Stack Buffer Overflow
    Disclosure Date: 2012-11-07
    First seen: 2020-04-26
    exploit/windows/browser/apple_quicktime_texml_font_table
    This module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. This is due to the QuickTime3GPP.gtx component not handling certain Style subfields properly, such as the font-table field, which is used to trigger the overflow in this module. Because of QuickTime restrictions when handling font-table fields, only 0x31-0x39 bytes can be used to overflow, so at the moment DEP/ASLR bypass hasn't been provided. The module has been tested successfully on IE6 and IE7 browsers (Windows XP and Vista).
    Authors: Arezou Hosseinzad-Amirkhizi, juan vazquez <juan.vazquez@metasploit.com>
  • Apple QuickTime 7.7.2 MIME Type Buffer Overflow
    Disclosure Date: 2012-11-07
    First seen: 2020-04-26
    exploit/windows/browser/apple_quicktime_mime_type
    This module exploits a buffer overflow in Apple QuickTime 7.7.2. The stack-based overflow occurs when processing a malformed Content-Type header. The module has been tested successfully on Safari 5.1.7 and 5.0.7 on Windows XP SP3.
    Authors: Pavel Polischouk, juan vazquez <juan.vazquez@metasploit.com>
  • Apple QuickTime TeXML Style Element Stack Buffer Overflow
    Disclosure Date: 2012-05-15
    First seen: 2020-04-26
    exploit/windows/fileformat/apple_quicktime_texml
    This module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. This is due to the QuickTime3GPP.gtx component not handling certain Style subfields properly, storing user-supplied data on the stack, which results in the overflow.
    Authors: Alexander Gavrun, sinn3r <sinn3r@metasploit.com>, juan vazquez <juan.vazquez@metasploit.com>
  • Apple QuickTime PICT PnSize Buffer Overflow
    Disclosure Date: 2011-08-08
    First seen: 2020-04-26
    exploit/windows/fileformat/apple_quicktime_pnsize
    This module exploits a vulnerability in Apple QuickTime Player 7.60.92.0. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.
    Authors: MC <mc@metasploit.com>, corelanc0d3r <peter.ve@corelan.be>
  • Apple QuickTime 7.6.7 _Marshaled_pUnk Code Execution
    Disclosure Date: 2010-08-30
    First seen: 2020-04-26
    exploit/windows/browser/apple_quicktime_marshaled_punk
    This module exploits a memory trust issue in Apple QuickTime 7.6.7. When processing a specially crafted HTML page, the QuickTime ActiveX control will treat a supplied parameter as a trusted pointer. It will then use it as a COM-type pUnknown, leading to arbitrary code execution. This exploit utilizes a combination of heap spraying and the QuickTimeAuthoring.qtx module to bypass DEP and ASLR. The QuickTimeAuthoring.qtx module does not opt in to ASLR. As such, this exploit module should be reliable on all Windows versions. NOTE: The addresses may need to be adjusted for older versions of QuickTime.
    Authors: Ruben Santemarta, jduck <jduck@metasploit.com>
  • Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow
    Disclosure Date: 2010-08-12
    First seen: 2020-04-26
    exploit/windows/browser/apple_quicktime_smil_debug
    This module exploits a buffer overflow in Apple QuickTime 7.6.6. When processing a malformed SMIL URI, a stack-based buffer overflow can occur when logging an error message.
    Authors: Krystian Kloskowski, jduck <jduck@metasploit.com>
  • MacOS X QuickTime RTSP Content-Type Overflow
    Disclosure Date: 2007-11-23
    First seen: 2020-04-26
    exploit/osx/rtsp/quicktime_rtsp_content_type
    This module exploits a stack-based buffer overflow in Apple QuickTime before version 7.3.1. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code.
    Authors: unknown
  • Apple QuickTime 7.3 RTSP Response Header Buffer Overflow
    Disclosure Date: 2007-11-23
    First seen: 2020-04-26
    exploit/windows/misc/apple_quicktime_rtsp_response
    This module exploits a stack buffer overflow in Apple QuickTime 7.3. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code.
    Authors: MC <mc@metasploit.com>
10 Metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit the Metasploit web site for more details.