Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Buffer overflow in QuickTime 7.0.4?
From: John Richard Moser (nigelenkicomcast.net)
Date: Sat May 27 2006 - 15:01:15 CDT
-----BEGIN PGP SIGNED MESSAGE-----
I'm not sure if this one is known but I see the last buffer overflows
show Quicktime 7.x vulnerable and suggest upgrading to 7.0.4*.
I was downloading Elephant's dream from
Windows XP*, and started playing with scrolling past the end of the
movie. This invariably crashes Firefox with the QuickTime player, etc etc.
* http://orange.blender.org/ QuickTime, H.264 / AAC Stereo 1024x576
So I opened the QuickTime Player itself, v7.0.4, and threw it forward to
half-way. I get a dialog box claiming the Microsoft Visual C Runtime
detected a "buffer overflow," and immediately remember-- windows has
stack smash protection now, thanks to the MS Research Glepnir project
looking into StackGuard! I know the basic concept-- canaries on the stack.
So apparently I threw QuickTime 7.0.4 into an overflow again?
The question here is, can anyone else reproduce this one? I don't have
an exact environment or a file for you (it was downloading while it was
going), but just let the download go for a bit and start trying to open
it in QuickTime while it's downloading and scroll past the end.
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
Creative brains are a valuable, limited resource. They shouldn't be
wasted on re-inventing the wheel when there are so many fascinating
new problems waiting out there.
-- Eric Steven Raymond
We will enslave their women, eat their children and rape their
-- Bosc, Evil alien overlord from the fifth dimension
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v18.104.22.168 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----