
CVE-2012-0667 – Analysis

The vulnerability occurs when parsing a 16-bit integer in the size/length of the impn, imgp and vrsg atoms in a QuickTime movie file.

Basically, it converts the 16-bit integer to a 32-bit integer. Because it is a signed integer, it passes some comparison checks.

Then I think it uses this integer as “unsigned” in a memory copy operation, and that causes the crash.

[Image: impn]

[Image: compare]

[Image: crash]
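The signed-compare, unsigned-use pattern described above, shown next to a corrected length check. This is an added example, not code from QuickTime or from the original post; the function names, `BUF_MAX` and the sample bytes are hypothetical, and the flawed path only computes the length a copy would receive instead of performing the copy.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_MAX 64 /* hypothetical destination buffer size */

/* Read a big-endian 16-bit field (QuickTime atoms store integers big-endian). */
static uint16_t read_be16(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Flawed pattern: the field is treated as signed, sign-extended to 32 bits,
 * compared as signed, then handed to the copy as an unsigned count.
 * Returns 1 if the check lets the value through; *copy_len is what a
 * following memcpy would be asked to copy. */
int flawed_check(const uint8_t *field, size_t *copy_len) {
    int32_t len = (int16_t)read_be16(field); /* 0xFFF0 becomes -16 */
    if (len > BUF_MAX)                       /* signed compare: -16 passes */
        return 0;
    *copy_len = (size_t)(uint32_t)len;       /* -16 becomes 0xFFFFFFF0 */
    return 1;
}

/* Corrected pattern: keep the length unsigned from parse to copy and bound
 * it by both the destination capacity and the bytes left in the input.
 * Returns 0 on success, -1 if the length is rejected. */
int checked_copy(uint8_t *dst, size_t dst_cap, const uint8_t *field,
                 const uint8_t *src, size_t src_avail) {
    size_t len = read_be16(field);
    if (len > dst_cap || len > src_avail)
        return -1;
    memcpy(dst, src, len);
    return 0;
}

int main(void) {
    const uint8_t field[2] = {0xFF, 0xF0}; /* constructed sample value */
    uint8_t dst[BUF_MAX], src[32] = {0};
    size_t n = 0;
    int passed = flawed_check(field, &n);
    printf("flawed: passed=%d copy_len=0x%zx\n", passed, n);
    printf("checked: rc=%d\n",
           checked_copy(dst, sizeof dst, field, src, sizeof src));
    return 0;
}
```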

 
 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
No Comments  comments 

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

*

Şu HTML etiketlerini ve özelliklerini kullanabilirsiniz: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>