QuickTime rtsp:// Buffer Overflow (MoAB #1)

Well, the Month of Apple Bugs that Kathy posted about previously has begun, and the first target is that old stalwart of browser plugin vulnerabilities, QuickTime. Some of you may remember that 2006 was not good to QuickTime, and this year has thus started out with what seems like a very trivially exploited vuln. The specific entry for this vuln is here. As the advisory says, this is a simple stack-based buffer overflow of the form "rtsp:// [random] + semicolon + [299 bytes padding + payload]". While OS X takes advantage of the non-executable stack ability of x86 hardware, this can of course be subverted by techniques like return-to-libc, and Kevin Finisterre had previously posted a detailed explanation of bypassing the non-executable stack protection anyway.
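To make the bug class concrete, here is an added example (not QuickTime's code and not from the advisory) of the shape of parser that goes wrong: a fixed-size stack buffer receives everything after the semicolon in an rtsp:// URL, and the only difference between the vulnerable pattern and the fixed one is whether the length is checked before the copy. The function names, the 256-byte buffer size and the "example" host are assumptions for illustration; the 299-byte filler mirrors the padding length the advisory quotes.

```c
#include <string.h>

/* Hypothetical bounded parser for "rtsp://<host>;<param>" URLs (not
 * QuickTime's code). It illustrates the bug class in the advisory: a
 * fixed-size stack buffer receiving everything after the semicolon.
 * The length check before the copy is what the vulnerable pattern lacked. */
#define PARAM_MAX 256   /* assumed size of the parameter buffer */
/* Copy the text after the first ';' into out. Returns 0 on success,
 * -1 if the URL is not rtsp://, has no ';', or the parameter would not fit. */
int parse_rtsp_param(const char *url, char *out, size_t out_len)
{
    const char *prefix = "rtsp://";
    size_t plen = strlen(prefix);
    if (strncmp(url, prefix, plen) != 0)
        return -1;                    /* wrong scheme */
    const char *semi = strchr(url + plen, ';');
    if (semi == NULL)
        return -1;                    /* no parameter present */
    size_t len = strlen(semi + 1);
    /* Vulnerable pattern: strcpy(out, semi + 1) with no bound check. */
    if (len >= out_len)
        return -1;                    /* would overflow: reject */
    memcpy(out, semi + 1, len + 1);   /* includes terminating NUL */
    return 0;
}

/* Parses a short, well-formed URL; returns 1 if the parameter "track1"
 * is extracted intact. */
int check_short_url(void)
{
    char out[PARAM_MAX];
    if (parse_rtsp_param("rtsp://example;track1", out, sizeof out) != 0)
        return 0;
    return strcmp(out, "track1") == 0;
}

/* Builds an over-long URL of the shape the advisory describes (constructed
 * input: 299 filler bytes after the ';', no payload) and returns 1 if the
 * bounded parser rejects it instead of writing past the stack buffer. */
int check_rejects_overlong(void)
{
    char url[512], out[PARAM_MAX];
    const char *head = "rtsp://example;";
    size_t n = strlen(head);
    memcpy(url, head, n);
    memset(url + n, 'A', 299);        /* 299-byte padding from the advisory */
    url[n + 299] = '\0';
    return parse_rtsp_param(url, out, sizeof out) == -1;
}
```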

Unlike during the MoKB, the authors have stated that they will be posting working exploit code for all the issues (and that most will be 0-days but others will go through Apple), so it will be interesting to see what shakes out of it, and there theoretically shouldn't be any redactions due to bugs being proved non-exploitable.

As far as I can tell, at the time of writing, this seems to be the first CVE of 2007; however, it's CVE-2007-00015. 1-14 are currently shown as "reserved" and 16 doesn't exist, but whatever.