A vulnerability in Apple QuickTime's handling of files in the QTIF format could allow a remote attacker to execute arbitrary code on a vulnerable system.
Apple's QuickTime is a player for files and streaming media in a variety of different formats, including QuickTime Image Format (QTIF) files. An integer overflow exists in QuickTime's handling of QTIF files. This flaw results in a vulnerability that could allow a remote attacker to execute arbitrary code on a vulnerable system.
Note that this issue affects QuickTime installations on both Apple Mac OS X and Microsoft Windows operating systems.
A remote unauthenticated attacker with the ability to supply a maliciously crafted QuickTime image file (.qtif) could execute arbitrary code on a vulnerable system or cause the application using QuickTime to crash. The attacker-supplied code would be executed with the privileges of the user opening the malicious file. The crafted QTIF image may be supplied on a webpage or in email, or by some other means designed to encourage the victim to invoke QuickTime or an application that uses it on the exploit image.
Install an update
Thanks to Apple Product Security for reporting this vulnerability. Apple, in turn, credits Mike Price of McAfee AVERT Labs with reporting this issue to them.
|Date First Published:||2007-03-06|
|Date Last Updated:||2007-03-19 18:39 UTC|