module

Apple Quicktime 7 Invalid Atom Length Buffer Overflow

Disclosed	Created
2013-05-22	2018-05-30

Disclosed

2013-05-22

Created

2018-05-30

Description

This module exploits a vulnerability found in Apple Quicktime. The flaw is
triggered when Quicktime fails to properly handle the data length for certain
atoms such as 'rdrf' or 'dref' in the Alis record, which may result a buffer
overflow by loading a specially crafted .mov file, and allows arbitrary
code execution under the context of the current user.

Authors

Jason Kratzer
Tom Gallagher
Paul Bates
sinn3r sinn3r@metasploit.com

Platform

Windows

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/windows/browser/apple_quicktime_rdrf
    msf exploit(apple_quicktime_rdrf) > show targets
        ...targets...
    msf exploit(apple_quicktime_rdrf) > set TARGET < target-id >
    msf exploit(apple_quicktime_rdrf) > show options
        ...show and set options...
    msf exploit(apple_quicktime_rdrf) > exploit

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today