A buffer overflow vulnerability in the way Apple QuickTime handles movie files could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
A buffer overflow vulnerability in QuickTime for Windows and Mac OS X may allow an attacker to execute arbitrary code with the privileges of the user running QuickTime. By convincing a user to open a specially-crafted QuickTime movie, an attacker can trigger the overflow.
Depending on settings, a web browser could automatically open a QuickTime movie. Apple iTunes includes QuickTime.
A remote, unauthenticated attacker can execute arbitrary code or create a denial-of-service condition.
Thanks to Apple Product Security for information about this vulnerability. Apple credits Mike Price of McAfee AVERT Labs.
This document was written by Ryan Giobbi.
|Date First Published:||2006-09-13|
|Date Last Updated:||2006-09-13 16:26 UTC|