QuickTime Player Streaming Debug Error Logging Buffer Overflow Vulnerability Network Vulnerability

Summary

The host is running QuickTime Player and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow attackers to cause a stack-based buffer overflow by tricking a user into viewing a specially crafted web page that references a SMIL file containing an overly long URL. Impact Level: Application

Solution

Upgrade to QuickTime Player version 7.6.7 or later For updates refer to http://www.apple.com/quicktime/download/

Insight

The flaw is due to a boundary error in 'QuickTimeStreaming.qtx' when constructing a string to write to a debug log file.

Affected

QuickTime Player version prior to 7.6.7

References

http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19340212.aspx
http://secunia.com/advisories/40729
http://telussecuritylabs.com/threats/show/FSC20100727-08
http://www.securelist.com/en/advisories/40729

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1799
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)
CuteFTP Heap Based Buffer Overflow Vulnerability
CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
BS.Player '.bsl' File Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities