Apple QuickTime contains a heap buffer overflow in the processing of JPEG2000 data, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Apple's QuickTime Player is multimedia software that allows users to view local and remote audio, video, and image content. QuickTime contains a heap buffer overflow in the code that handles JPEG2000 data.
This vulnerability may be triggered by using the QuickTime Player or an application that uses the QuickTime plug-in, such as a web browser.
By causing QuickTime to process specially crafted JPEG2000 data (e.g. by viewing a web page, HTML email message or attachment, or by opening an image or video file), an attacker may be able to execute arbitrary code with the privileges of the user.
Disable the QuickTime ActiveX controls in Internet Explorer
This vulnerability was discovered by Will Dormann of the CERT/CC. It was also independently discovered by Nils of MWR InfoSecurity
This document was written by Will Dormann.
|Date First Published:||2010-12-08|
|Date Last Updated:||2012-03-28 15:26 UTC|