osx bugs in realplayer, grapher, and garage band

new.security_at_gmail.com
Date: 08/25/05

  • Next message: Jerome Athias: "Windows Multi-Languages OPcodes DB"
    Date: 25 Aug 2005 21:23:18 -0000
    To: vuln-dev@securityfocus.com
    
    
    a couple of bugs i found in os x applications:

    real player for os x:
    _______________________________
    realplayer's proxy preference contains an overflow when filled with a
    large string of characters.
    gdb output:
    Program received signal EXC_BAD_ACCESS, Could not access memory.
    Reason: KERN_INVALID_ADDRESS at address: 0x61616169
    0x90003bf4 in szone_malloc ()
    (gdb)
    as shown by the output, the program is trying to reach the memory
    address of 0x61616169 (which translates to a string of a's); since i put
    a large string of a's in the proxy preference box, it overwrote the
    correct address in memory with a's.
    _______________________________
    Grapher for os x:
    _______________________________
    when copying and pasting a large string into grapher's y value box it
    causes grapher to eat up memory, causing a denial of service type bug.
    _______________________________
    garage band for os x:
    _______________________________
    if you change the composer name, itunes library, and album name in
    garage band's preferences to large strings, then make a change to
    your song, then press the exit button, then when it asks to save say
    yes, it will crash
    Program received signal EXC_BAD_ACCESS, Could not access memory.
    Reason: KERN_PROTECTION_FAILURE at address: 0x00000b2b
    0x909ad0f8 in objc_msgSend ()
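
A crash-triage helper for the two gdb excerpts quoted in the message above, added here as an example and not part of the original post: it parses the fault reason, address and top frame, then checks whether the address bytes are printable ASCII (input data used as a pointer) or fall near NULL. The function name `triage`, the `0x1000` low-page threshold and the verdict labels are assumptions of this example.

```python
import re

# Constructed sample input: the two gdb excerpts quoted in the post above.
REALPLAYER = """Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x61616169
0x90003bf4 in szone_malloc ()"""
GARAGEBAND = """Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000b2b
0x909ad0f8 in objc_msgSend ()"""

REASON = re.compile(r"Reason:\s+(\w+) at address:\s+0x([0-9a-fA-F]{1,8})")
FRAME = re.compile(r"^\s*0x[0-9a-fA-F]+ in (\S+) \(\)", re.M)
LOW_PAGE = 0x1000  # assumption: faults below this are treated as NULL + offset


def triage(gdb_text, fill=ord("a")):
    """Classify a 32-bit gdb crash excerpt by what its fault address looks like."""
    m = REASON.search(gdb_text)
    if m is None:
        raise ValueError("no 'Reason: ... at address:' line found")
    reason, addr = m.group(1), int(m.group(2), 16)
    frame = FRAME.search(gdb_text)
    # Byte order in memory depends on the CPU; the set of bytes does not,
    # so the printable-ASCII check below is endianness-independent.
    raw = addr.to_bytes(4, "big")
    printable = all(0x20 <= b <= 0x7E for b in raw)
    if addr < LOW_PAGE:
        verdict = "near-null"          # NULL pointer plus a small offset
    elif printable:
        verdict = "input-as-pointer"   # address is made of text bytes
    else:
        verdict = "unclassified"
    return {
        "reason": reason,
        "address": addr,
        "frame": frame.group(1) if frame else None,
        "ascii": raw.decode("ascii") if printable else None,
        "fill_matches": sum(b == fill for b in raw),  # bytes equal to the fill char
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, text in (("realplayer", REALPLAYER), ("garageband", GARAGEBAND)):
        print(name, triage(text))
```
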

