January 2, 2007
(This post is from my old, old, super old site. My views have changed over the years, hopefully my writing has improved, and there is now more than a handful of folks reading my site. Enjoy.)
MOAB-01-01-2007: Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow
Heh... uh... oh my. Ouch.
I can confirm that yes, this exploit is very real, and for "fun" I made a page that'll automagically download and run the exploit in QT Player ("Just called usr bin say").
This doesn't work for everyone's machine (it's Intel-specific) and you need to have "Open safe files after downloading" turned on (which it is by default) in Safari. And even so, it only works about 80% of the time for me. But even a small percentage is a large number of users.
Doh.
On the bright side, I think I can get this to download FlyGesture and have it automatically install and launch for everyone.
What, you don't want that?