Sunday, January 13, 2008

Zero-Day Exploit: Buffer Overflow in QuickTime Player

After two QuickTime flaws and the Quickspace worm last December, another vulnerability was discovered this month, affecting both Windows and Mac users.

The zero-day vulnerability is triggered when QuickTime encounters an RTSP (Real Time Streaming Protocol) link, e.g. rtsp://, with no custom port specified: it handles the request by connecting to port 554. If port 554 on the server is closed, QuickTime automatically falls back to HTTP and connects to port 80, where the server returns a 404 error message. If the HTTP error message returned by the server is too long, QuickTime does not know how to handle it, because it lacks input validation, and the result is a buffer overflow.
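To make the missing check concrete, here is an added illustration (not QuickTime's code and not from the original post) of a status-line parser that validates the length of the reason phrase before copying it into a fixed buffer; the 64-byte limit and the constructed responses are assumptions for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_REASON 64   /* longest reason phrase accepted (a constructed limit) */

struct status_line {
    int  code;                    /* HTTP status, e.g. 404 */
    char reason[MAX_REASON + 1];  /* reason phrase, e.g. "Not Found" */
};

/* Parse an HTTP status line such as "HTTP/1.0 404 Not Found\r\n".
 * Returns 0 on success, -1 if malformed, -2 if the reason phrase is longer
 * than the fixed buffer. The length is checked before any copy: that is the
 * input validation the post says QuickTime lacked. */
int parse_status_line(const char *resp, struct status_line *out)
{
    int major, minor, code, consumed = 0;
    if (sscanf(resp, "HTTP/%d.%d %3d%n", &major, &minor, &code, &consumed) != 3)
        return -1;
    const char *p = resp + consumed;
    if (*p == ' ')
        p++;
    size_t len = strcspn(p, "\r\n");  /* reason phrase runs to end of line */
    if (len > MAX_REASON)
        return -2;                    /* an unchecked copy would overflow here */
    memcpy(out->reason, p, len);
    out->reason[len] = '\0';
    out->code = code;
    return 0;
}

/* Construct a 404 response whose reason phrase is reason_len bytes of 'A'
 * (what a hostile port-80 server could return in the fallback scenario) and parse it. */
int parse_constructed_404(size_t reason_len)
{
    char *resp = malloc(reason_len + 32);
    if (!resp)
        return -1;
    int n = sprintf(resp, "HTTP/1.0 404 ");
    memset(resp + n, 'A', reason_len);
    strcpy(resp + n + reason_len, "\r\n");
    struct status_line sl;
    int rc = parse_status_line(resp, &sl);
    free(resp);
    return rc;
}
```

A normal "404 Not Found" parses with rc 0, while a 2000-byte reason phrase is rejected with rc -2 instead of being copied.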

This vulnerability can be exploited by a malicious application or website, allowing execution of arbitrary code on the user's system.

Luigi Auriemma, an Italian security researcher, discovered this flaw and posted a bug report with proof-of-concept exploit code.