Apple QuickTime... CVE-2007-2295 CNNVD-200704-524

9.3 AV AC AU C I A
发布: 2007-04-26
修订: 2017-07-29

Apple QuickTime是一款流行的多媒体播放器,支持多种媒体格式。 QuickTime在处理畸形格式的MOV文件时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制用户机器。 如果使用QuickTime加载了畸形的.mov文件的话,JVTCompEncodeFrame()函数可能无法正确地解析畸形数据,触发堆溢出,播放器会由于分段错误而停止响应,或以登录用户的权限执行任意指令。 调试信息如下: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00041656 0x90003646 in szone_malloc () (gdb) bt #0 0x90003646 in szone_malloc () #1 0x90003527 in malloc_zone_malloc () #2 0x90325591 in mem_heap_malloc () #3 0x90325511 in shape_alloc_bounds () #4 0x9170d8ec in RectRgn () #5 0x91726437 in SetRectRgn () #6 0x9436d3b4 in ICMDeviceLoop () #7 0x9437728a in DecompressSequenceFrameWhen () #8 0x94376c3a in ICMDecompressionSessionDecodeFrame () #9 0x98b0c58c in v2m_rDecompressSequenceFrameWhen () #10 0x98b1333b in v2m_decompressVideoFrame () #11 0x98b13cd7 in QueueAFrame () #12 0x98b14d49 in v2m_doWhatTheMentorTellsUs () #13 0x98b166ac in Video2MoviesTask () #14 0x90cceccf in CallComponentFunctionCommon () #15 0x98b056c0 in...

0%
暂无可用Exp或PoC
当前有6条受影响产品信息