Vulnerability Note VU#448745
Apple QuickTime PICT heap buffer overflow
The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition.
PICT is a graphics file format that was used by Apple Macintosh systems prior to OS X as their standard metafile format. OS X systems can open and display PICT files.
Apple QuickTime contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code with the privileges of the user running QuickTime. By convincing a user to open a specially crafted PICT file with QuickTime, an attacker can trigger the overflow.
A remote, unauthenticated attacker can execute arbitrary code or create a denial-of-service condition. The crafted QuickTime PICT file may be supplied on a web page, in an email for the victim to select, or by some other means designed to encourage them to invoke QuickTime on the exploit file.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||06 Mar 2007|
CVSS Metrics (Learn More)
Thanks to Apple for information that was used in this report. Apple in turn thanks Mike Price of McAfee AVERT Labs.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-0715
- Date Public: 06 Mar 2007
- Date First Published: 06 Mar 2007
- Date Last Updated: 09 Mar 2007
- Severity Metric: 4.81
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.