Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70
Author: Luigi Auriemma
Date: Jan 14, 2008 06:56

Marcello Barnaba (void) wrote:
> By the way, even with "Transport setup" -> "Automatic", the software
> doesn't crash nor loops after reading the HTTP payload

One hypothesis is a possible different behaviour depending on the version
of Mac OS, probably bypassable using a modified proof-of-concept, or just
not at all.

I have found the following post (in french) which reports a detailed
test made using the latest version of Quicktime on Mac OS X 10.4.11 PPC
and Mac OS X 10.5.1 Intel:

http://forum.macbidouille.com/index.php?act=ST&f=8&t=251685#entry2512134

On both platforms the code flow pointed to the return address
specified in the proof-of-concept (on PPC, 0x01010119 is just the 0x01
sequence of bytes that was in my PoC before the 'A' sequence).

Anyway, this mail is also for pointing out a new
customizable proof-of-concept which I wrote yesterday and that
can be used to fully execute code remotely after having passed the
needed valid parameters (my PoC doesn't contain shellcode; it must be
provided as an external file in the classical C/Perl/hexadecimal format
like, for example, those available on The Metasploit Project):
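The mail says the PoC takes its shellcode from an external file written in the C/Perl/hexadecimal form that Metasploit emits. What follows is an added example, not Auriemma's PoC or any code from the thread: a small loader that decodes any of those three textual forms into raw bytes, rejects malformed input, and counts bytes that fall in a caller-supplied bad-character set. The function names, the sample input string, and the choice of NUL/CR/LF as the bad-byte set (assuming the payload has to travel inside a text-based RTSP/HTTP request) are assumptions of the example, not facts from the page.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Scratch buffer the decoded payload lands in (size is an assumption). */
unsigned char shellcode_buf[4096];

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode shellcode given as text into raw bytes. Two conventions are accepted:
 *  - C/Perl string form ("\x41\x42..." as dumped by msfvenom/msfpayload): only
 *    the \xHH escapes are decoded; quotes, 'unsigned char buf[] =', 'my $buf =',
 *    newlines, '.' and ';' are skipped, so a pasted dump decodes as-is.
 *  - plain hexadecimal ("4142", "41 42", "0x41,0x42") with optional whitespace,
 *    commas and 0x prefixes between bytes.
 * Returns the number of bytes written to out, or 0 on malformed input or when
 * the decoded payload does not fit in outlen bytes. */
size_t parse_shellcode(const char *text, unsigned char *out, size_t outlen) {
    size_t n = 0;
    const char *p;

    if (strstr(text, "\\x") != NULL) {               /* C/Perl escape mode */
        for (p = text; *p; p++) {
            if (*p != '\\') continue;
            if (p[1] != 'x') return 0;               /* only \xHH is supported */
            int hi = hexval((unsigned char)p[2]);
            if (hi < 0) return 0;                    /* checked before touching p[3] */
            int lo = hexval((unsigned char)p[3]);
            if (lo < 0 || n >= outlen) return 0;
            out[n++] = (unsigned char)((hi << 4) | lo);
            p += 3;
        }
        return n;
    }

    int pending = -1;                                /* high nibble awaiting its pair */
    for (p = text; *p; p++) {                        /* bare hex mode */
        unsigned char c = (unsigned char)*p;
        if (isspace(c) || c == ',') {
            if (pending >= 0) return 0;              /* separator inside a byte */
            continue;
        }
        if (pending < 0 && c == '0' && (p[1] == 'x' || p[1] == 'X')) {
            p++;                                     /* skip a 0x prefix */
            continue;
        }
        int v = hexval(c);
        if (v < 0) return 0;
        if (pending < 0) { pending = v; continue; }
        if (n >= outlen) return 0;
        out[n++] = (unsigned char)((pending << 4) | v);
        pending = -1;
    }
    return pending < 0 ? n : 0;                      /* odd digit count is an error */
}

/* Count bytes of buf that appear in the caller's bad-byte set. badlen is
 * passed explicitly because the set may itself contain NUL. */
size_t count_bad_bytes(const unsigned char *buf, size_t len,
                       const unsigned char *bad, size_t badlen) {
    size_t hits = 0;
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < badlen; j++)
            if (buf[i] == bad[j]) { hits++; break; }
    return hits;
}

/* Read a shellcode file in any of the formats above into out. */
size_t load_shellcode_file(const char *path, unsigned char *out, size_t outlen) {
    static char text[65536];
    FILE *f = fopen(path, "rb");
    if (!f) return 0;
    size_t got = fread(text, 1, sizeof text - 1, f);
    fclose(f);
    text[got] = '\0';
    return parse_shellcode(text, out, outlen);
}

int main(int argc, char **argv) {
    /* Constructed sample in msfvenom's C style; not a real payload. */
    const char *sample = "unsigned char buf[] =\n\"\\x90\\x90\\xcc\";\n";
    size_t n = argc > 1 ? load_shellcode_file(argv[1], shellcode_buf, sizeof shellcode_buf)
                        : parse_shellcode(sample, shellcode_buf, sizeof shellcode_buf);
    if (n == 0) { fprintf(stderr, "could not decode shellcode\n"); return 1; }
    /* Assumed bad-byte set for a payload carried in a text-based request. */
    size_t bad = count_bad_bytes(shellcode_buf, n, (const unsigned char *)"\0\r\n", 3);
    printf("%zu bytes decoded, %zu bad bytes (NUL/CR/LF)\n", n, bad);
    return bad ? 1 : 0;
}
```

Run it with a path to a Metasploit C or Perl dump, or a plain hex file, as the only argument; without an argument it decodes the embedded sample. A non-zero exit means either the file did not decode or the payload contains a byte from the assumed bad set, which is the check worth running before dropping a payload into a PoC that speaks a line-oriented protocol.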