A vulnerabilty in the way Apple QuickTime processes 3GP files may allow execution of arbitrary code.
A vulnerability exists in the way Apple QuickTime handles specially crafted 3GP files. According to Apple QuickTime 7.1.5 security document 305149:
An integer overflow exists in QuickTime's handling of 3GP video files. By enticing a user to open a malicious movie, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of 3GP video files.
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition. The crafted 3GP file may be supplied on a web page or in email for the victim to select, or by some other means designed to encourage them to invoke QuickTime on the exploit file.
This issue is addressed in Apple QuickTime 7.1.5 security document 305149. Apple credits JJ Reyes for reporting this issue.
This document was written by Chris Taschner.
|Date First Published:||2007-03-06|
|Date Last Updated:||2007-03-19 18:46 UTC|