Name:
Apple.QuickTime.QTIF.idsc.Code.Execution
Released Date:
Feb 27 2008
Severity:
critical
CVE:
2008-0033
Bugtraq:
27299

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates an attempt to exploit a code injection vulnerability in Apple QuickTime.

The vulnerability allows remote attackers to cause arbitrary code to be injected and executed via an invalid "Atom size" field in a .QTIF image file. The code is executed in the security context of the current user.
 
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
 
Affected Products
prior to Apple QuickTime Player 7.4.
Aliases
Apple.QuickTime.QTIF.idsc.Code.Execution
References
http://www.securityfocus.com/bid/27299
http://www.frsirt.com/english/advisories/2008/0148
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0033
Recommended Actions
Upgrade to Apple QuickTime Player 7.4.

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED