Example of a Quicktime OverFlow Attack and some questions

[Jeff Pflueger <jeff () wildernessfringe com>]

Hi,
I just received 4 .mov files of a recent lecture so that they could be
posted on a website.
One of these files was posted on a website. When accessed via a browser,
the QT movie causes Norton to block the download: "Attempted Intrusion
'Apple QuickTime and ITunes Overflow' against your machine"

I am running QT Player 7.0.4 on XP.

Information on the attack is here:
http://www.symantec.com/avcenter/attack_sigs/s21529.html

I'd give you the URL for the .mov file, but I don't want to cause the
attack. Safe via bittorrent yes? So - An example of the file available
via bittorrent is here:
http://chomskytorrents.org/DownloadTorrent.php?TorrentID=1119

My question is:
I know who created these .mov files. Does this mean that the files were
intentionally crafted by this individual to exploit the QT Overrun
Buffer vulnerability? Or is there some other explanation?

Anyway to discern the nature of the attack from the QT movie itself
(example above)?

Thanks for help on this,
Jeff

Attachment: jeff.vcf
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/