The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition.
Apple QuickTime contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code with the privileges of the user running QuickTime. By convincing a user to open a specially crafted MIDI file with QuickTime, an attacker can trigger the overflow.
Note that this vulnerability may be present in QuickTime versions prior to 7.1.5 running on Mac OS X and Microsoft Windows 2000, XP and Vista.
A remote, unauthenticated attacker can execute arbitrary code or create a denial-of-service condition. The crafted file may be supplied on a web page, in an email for the victim to select, or by some other means designed to encourage them to invoke QuickTime on the exploit file.
Thanks to Apple for information that was used in this report. Apple in turn thanks Mike Price of McAfee AVERT Labs.
This document was written by Ryan Giobbi.
Date First Published: 2007-03-06
Date Last Updated: 2007-03-19 18:39 UTC