CVE-2008-0778

Apple QuickTime < 7.4.1 - Stack-Based Buffer Overflow via QTPlugin.ocx ActiveX Methods

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0778. PoCs published by laurent gaffiÃ©.

AI-analyzed exploit summary This exploit demonstrates a stack overflow vulnerability in QuickTime's QTPlugin.ocx by supplying an overly long string to the SetBgColor function, leading to a denial of service or potential remote code execution.

Description

Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.

Exploits (1)

exploitdb WORKING POC VERIFIED

by laurent gaffiÃ© · textdoswindows

https://www.exploit-db.com/exploits/5110

View Code ZIP pw:eip

This exploit demonstrates a stack overflow vulnerability in QuickTime's QTPlugin.ocx by supplying an overly long string to the SetBgColor function, leading to a denial of service or potential remote code execution.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: QuickTime <= 7.4.1

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit

MITRE ATT&CK