Vulnerability Note VU#683700
Apple QuickTime movie buffer overflow vulnerability
A buffer overflow vulnerability in the way Apple QuickTime handles movie files could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
A buffer overflow vulnerability in QuickTime for Windows and Mac OS X may allow an attacker to execute arbitrary code with the privileges of the user running QuickTime. By convincing a user to open a specially-crafted QuickTime movie, an attacker can trigger the overflow.
Depending on settings, a web browser could automatically open a QuickTime movie. Apple iTunes includes QuickTime.
A remote, unauthenticated attacker can execute arbitrary code or create a denial-of-service condition.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||13 Sep 2006|
CVSS Metrics (Learn More)
Thanks to Apple Product Security for information about this vulnerability. Apple credits Mike Price of McAfee AVERT Labs.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-4382
- Date Public: 12 Sep 2006
- Date First Published: 13 Sep 2006
- Date Last Updated: 13 Sep 2006
- Severity Metric: 2.73
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.