Skip to content

August 15, 2010

QuickTime Player SMIL Buffer Overflow and Metasploit Exploit

On the 26th July 2010, Krystian Kloskowski discovered a vulnerability in QuickTime Player 7.6.6 for Windows caused by a buffer overflow in the application’s error logging.

The original advisory states:

The vulnerability is caused due to a boundary error in QuickTimeStreaming.qtx when constructing a string to write to a debug log file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into viewing a specially crafted web page that references a SMIL file containing an overly long URL.

Successful exploitation of this vulnerability leads to the ability of executing arbitrary code on the victim’s computer.

A couple of days ago, Joshua Drake (aka. jduck) submitted a working exploit module to the Metasploit Framework.

As QuickTime is installed on many Windows systems these days (it’s included as part of iTunes), this vulnerability poses a real threat. As always users should beware of clicking on unknown links, but ultimately if someone wants to get you to visit a malicious page, they can.

In this case users should update QuickTime asap. Apple has released QuickTime 7.6.7 which fixes this issue.

[Update] Check out the video below for a demo of the Metasploit module in action:

Metasploit_Apple_Quicktime_Smil_Debug from 4xteam on Vimeo.

Share your thoughts, post a comment.


Note: HTML is allowed. Your email address will never be published.

Subscribe to comments