Apple QuickTime is vulnerable to a heap buffer overflow which may allow an attacker to execute arbitrary code or crash the system.
A vulnerability exists in the way Apple QuickTime handles specially crafted QuickTime Image (QTIF) files. According to Apple QuickTime 7.1.5 security document 305149:
A heap buffer overflow exists in QuickTime's handling of QTIF files. By enticing a user to access a maliciously-crafted QTIF file, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution.
A remote, unauthenticated attacker may be able to execute arbitrary code or crash the system.
This vulnerability was reported by Apple, who in turn credits Ruben Santamarta from iDefense and JJ Reyes for reporting this issue.
This document was written by Katie Steiner.
Date First Published: 2007-03-06
Date Last Updated: 2007-03-19 18:47 UTC