HTTP: Apple QuickTime Malformed SMIL File
This signature detects attempts to exploit a known vulnerability against Apple QuickTime media player. Ir is due to a boundary error in the QuickTimeStreaming.qtx file while writing a debug log error. Remote attackers can exploit this by enticing target users to open a crafted SMIL file containing an overly long URL. Successful exploitation can result in arbitrary code injection and execution with the privileges of the logged in user. In case of an unsuccessful exploit, the application would terminate abnormally.
Extended Description
Apple QuickTime is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. QuickTime 7.6.6 (1671) for Windows is vulnerable; other versions may also be affected.
Affected Products
Apple quicktime_player
Short Name
HTTP:STC:STREAM:QT-MAL-SMIL
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apple CVE-2010-1799 File Malformed QuickTime SMIL bid:41962
Release Date
09/28/2010
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Apple
CVSS Score
9.3