


Category:   Application (Multimedia)  >   Apple QuickTime
Vendors:   Apple
Apple QuickTime Unspecified Heap Overflow May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015356
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Dec 14 2005
Impact:   Execution of arbitrary code via network, User access via network

Version(s): 7.0.3
Description:   A vulnerability was reported in Apple QuickTime. A remote user may be able to execute arbitrary code on the target system.

A user can trigger a heap overflow in the player and potentially execute arbitrary code on the target system. No details were provided pending vendor resolution.

iTunes 6.0.1 is also affected.

The vendor has been notified.

badpack3t of reported this vulnerability.

The original advisory is available at:

Impact:   A remote user may be able to cause arbitrary code to be executed on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL:
Cause:   Boundary error
Underlying OS:  UNIX (macOS/OS X), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Apple QuickTime/iTunes Heap Overflow Vulnerability

From the "Upcoming Release: Apple Quicktime/iTunes Heap Overflow" report:
"A heap overflow vulnerability exists within Apple Quicktime 7.0.3 and 
iTunes 6.0.1 on OS X and Win32. The vulnerability allows an attacker to 
reliably overwrite heap memory with arbitrary data in order to execute 
arbitrary code on a targeted host. This has been tested on OS X and 
Win32. I have reported this issue to Apple. I will publish more details 
once Apple has released a patch for this issue. Just a side note, this 
was published from my local Apple store. ;-) Here is a screenshot if you 
are interested."


Detailed description:
QuickTime error report in Windows XP from
Reportedly the problem in QuickTime is in the quicktimeplayer.exe executable.

Affected versions:
The vulnerability has been reported in Apple Quicktime 7.0.3 and iTunes 
6.0.1 on OS X and Microsoft Windows.

Microsoft Windows
Apple Mac OS X

Apple Computer, Inc.

Product Home Pages:

Solution status:
Reportedly no updated versions are available from the vendor.

Reportedly the vendor was contacted on December 2nd, 2005 or earlier.


CVE information: N/A

Credit information:
This vulnerability was researched by Tom Ferris (aka badpack3t).

I have no connections to or Mr. Ferris.

Best regards,
Juha-Matti Laurio,
Security researcher
