Name:
Apple.Quicktime.Panorama.Buffer.Overflow
Released Date:
Dec 18 2007
Severity:
critical
CVE:
2007-4675
Bugtraq:
26342

In-Depth Analysis

Description
This indicates an attempt to exploit a buffer overflow vulnerability in Apple QuickTime.

Apple QuickTime before 7.3 contains a buffer overflow vulnerability that occurs when processing "panorama sample atoms" in QuickTime Virtual Reality (QTVR) movie files. A remote attacker can exploit this vulnerability by tricking the target user into opening a crafted movie file. Successful exploitation may lead to arbitrary code execution in the security context of the logged-in user.
 
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
 
Affected Products
Apple Computer - Mac OS X (10.3.9)
Apple Computer - Mac OS X (10.4.9)
Apple Computer - Mac OS X (10.5)
Apple Computer - Quicktime (prior to 7.3)

Aliases
Apple.Quicktime.Panorama.Buffer.Overflow

References
http://www.securityfocus.com/bid/26342
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4675

Recommended Actions
Update QuickTime to version 7.3.

QuickTime 7.3 for Leopard:
http://www.apple.com/support/downloads/quicktime73forleopard.html

QuickTime 7.3 for Tiger:
http://www.apple.com/support/downloads/quicktime73fortiger.html

QuickTime 7.3 for Panther:
http://www.apple.com/support/downloads/quicktime73forpanther.html

QuickTime 7.3 for Windows:
http://www.apple.com/support/downloads/quicktime73forwindows.html
