SAINT Corporation, SAINT:EF4C02982B3A82177CCC94B2A5AAECE2
Jul 16, 2012 - 12:00 a.m.

Apple QuickTime QTVRStringAtom stringLength Parameter QTVR Movie File Handling

download.saintcorporation.com

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.214
Percentile: 96.5%

Added: 07/16/2012
CVE: CVE-2012-0667
BID: 53583
OSVDB: 81938

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

Apple QuickTime 7.7.1 and earlier versions are vulnerable to remote code execution if the user is persuaded to open a specially crafted QTVR movie file. The specific flaw exists within the QuickTimeVR.qtx component, which fails to properly check the stringLength parameter when processing a QTVRStringAtom, resulting in an integer signedness buffer overflow. Successful exploitation could result in a remote attacker running arbitrary code in the context of the affected user.
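
The bug class named above (a length field compared as a signed value), shown as an added C illustration that is not QuickTime's code and not taken from the advisory. The record layout, DST_SIZE, the sample bytes and the function names are all assumptions made for the example; the flawed routine only evaluates the check and never copies.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DST_SIZE 64 /* assumed destination buffer size */

/* Constructed samples: 2-byte tag, 2-byte big-endian length, then the bytes. */
static const uint8_t SAMPLE_OK[]  = {0x00, 0x01, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t SAMPLE_BAD[] = {0x00, 0x01, 0xFF, 0xFF, 'A'};
static char OUT[DST_SIZE];

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Flawed validation only (no copy is performed): the length is treated as a
 * signed 16-bit value, so 0x8000..0xFFFF turn negative and pass the bound.
 * A later copy would convert that negative value to a huge unsigned size. */
int signed_check_accepts(const uint8_t *rec, size_t rec_size) {
    if (rec_size < 4) return 0;
    int32_t len = be16(rec + 2);
    if (len >= 0x8000) len -= 0x10000;   /* two's-complement reinterpretation */
    return len <= DST_SIZE - 1;          /* -1 <= 63: accepted */
}

/* Hardened: keep the length unsigned and bound it against both the bytes
 * actually present in the record and the destination buffer. */
int copy_string_checked(const uint8_t *rec, size_t rec_size,
                        char *dst, size_t dst_size) {
    if (rec_size < 4 || dst_size == 0) return -1;
    size_t len = be16(rec + 2);
    if (len > rec_size - 4) return -1;   /* claims more than the record holds */
    if (len >= dst_size) return -1;      /* no room for bytes plus NUL */
    memcpy(dst, rec + 4, len);
    dst[len] = '\0';
    return (int)len;
}

int main(void) {
    printf("signed check accepts 0xFFFF: %d\n",
           signed_check_accepts(SAMPLE_BAD, sizeof SAMPLE_BAD));
    printf("hardened, bad record: %d\n",
           copy_string_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, OUT, sizeof OUT));
    printf("hardened, good record: %d\n",
           copy_string_checked(SAMPLE_OK, sizeof SAMPLE_OK, OUT, sizeof OUT));
    return 0;
}
```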

Resolution

Upgrade to QuickTime 7.7.2 or higher.

References

<http://support.apple.com/kb/HT5261>
<http://www.zerodayinitiative.com/advisories/ZDI-12-077/>

Limitations

This exploit was tested against Apple QuickTime 7.7.1 on Windows XP SP3 English (DEP OptIn).

The user must open the HTML exploit file in Internet Explorer 8.

Platforms

Windows
