Vulnerability Note VU#913449
Apple QuickTime fails to properly handle corrupt GIF images
Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of files in the Graphics Interchange Format (GIF) could allow a remote attacker to execute arbitrary code on a vulnerable system.
A heap overflow exists in the way QuickTime handles the Netscape Navigator Application Extension Block of a GIF image. A specially crafted GIF image can allow attackers to execute arbitrary code of their choosing with the privileges of the user running QuickTime.
Note that this issue affects QuickTime installations on both Apple Mac OS X and Microsoft Windows operating systems.
An attacker with the ability to supply a maliciously crafted GIF file (.gif) could execute arbitrary code on a vulnerable system. The attacker-supplied code would be executed with the privileges of the QuickTime user opening the malicious file. The crafted GIF image may be supplied on a webpage or in email, or by some other means designed to encourage the victim to invoke QuickTime on the exploit image.
Install an update
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||11 Jan 2006|
CVSS Metrics (Learn More)
This document was written by Chad R Dougherty based on information supplied by Apple and eEye Digital Security.
- CVE IDs: CVE-2005-3713
- Date Public: 10 Jan 2006
- Date First Published: 11 Jan 2006
- Date Last Updated: 31 Jan 2006
- Severity Metric: 3.85
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.