In association with heise online

11 January 2008, 13:49

Security holes also discovered in QuickTime and VLC

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Having only recently discovered a RTSP data stream processing vulnerability in xine-lib, Luigi Auriemma has now published details about vulnerabilities in VLC Mediaplayer and Apple's QuickTime. These players also allow attackers to inject and execute arbitrary code via specially crafted RTSP data streams.

The VLC project adopted code from the Xine project in which insufficient length checks may allow buffer overflows on the heap to be triggered when decoding RTSP streams. The flaw occurs in the modules/access/rtsp/real_sdpplin.c file.

In QuickTime, a buffer overflow may be triggered when HTTP error messages are displayed. Attackers can provoke the problem in QuickTime under Windows by supplying a link to an RTSP server without having a server listening on network port 554. According to Auriemma, QuickTime tries to access HTTP port 80 in this case, allowing the server operator to use specially crafted error messages like 404 - Page not found to trigger a buffer overflow in QuickTime's display routine. It has, however, not been possible to reproduce the flaw under Mac OS X.

No updated versions are currently available for either of the players - the current versions of QuickTime (7.3.1.70) and VCL (0.8.6d) are affected. However, as there are currently no known vulnerabilities in Windows Media Player, which can also be used for watching online media, that is probably the safest alternative until an update is available.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-735799
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit