Vulnerability Note VU#200316
Apple QuickTime vulnerable to denial of service via specially crafted FlashPix file
A buffer overflow vulnerability in the way Apple QuickTime handles FlashPix files could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
A buffer overflow vulnerability in QuickTime for Windows and Mac OS X may allow an attacker to execute arbitrary code with the privileges of the user running QuickTime. By convincing a user to open a specially-crafted FlashPix file, an attacker can trigger the overflow.
Depending on settings, a web browser could automatically open a FlashPix file with QuickTime. Apple iTunes includes QuickTime.
A remote, unauthenticated attacker can execute arbitrary code or create a denial-of-service condition.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||13 Sep 2006|
CVSS Metrics (Learn More)
Thanks to Apple Product Security for information about this vulnerability. Apple credits Mike Price of McAfee AVERT Labs.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-4388
- Date Public: 12 Sep 2006
- Date First Published: 13 Sep 2006
- Date Last Updated: 15 Sep 2006
- Severity Metric: 0.08
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.