
Topic: Apple QuickTime Buffer Overflow security issue - Extremely critical!!!

Broni

TITLE:
Apple QuickTime RTSP "Content-Type" Header Buffer Overflow

SECUNIA ADVISORY ID:
SA27755

VERIFY ADVISORY:
http://secunia.com/advisories/27755/

CRITICAL:
Extremely critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/

DESCRIPTION:
h07 has discovered a vulnerability in Apple QuickTime, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing
RTSP replies and can be exploited to cause a stack-based buffer
overflow via a specially crafted RTSP reply containing an overly long
"Content-Type" header.

Successful exploitation allows execution of arbitrary code and
requires that the user is e.g. tricked into opening a malicious QTL
file or visiting a malicious web site.

The vulnerability is confirmed in version 7.3. Other versions may
also be affected.

NOTE: A working exploit is publicly available.

SOLUTION:
Do not browse untrusted websites, follow untrusted links, nor open
untrusted QTL files.