Name:
Apple.Quicktime.Clipping.Region.Heap.Overflow
Released Date:
Apr 8 2008
Severity:
critical
CVE:
2008-1017
Bugtraq:
28583

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates an attempt to exploit a heap overflow vulnerability in Apple Quicktime.

The vulnerability can be triggered when parsing .mov file 'crgn' atoms, resulting in a heap based buffer overflow. Viewing a maliciously crafted MOV image may lead to arbitrary code execution.
 
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
 
Affected Products
Apple Quicktime 7.4.1 or prior.
Aliases
Apple.Quicktime.Clipping.Region.Heap.Overflow
References
http://www.securityfocus.com/bid/28583
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1017
http://www.zerodayinitiative.com/advisories/ZDI-08-015
Recommended Actions
Upgrade to the latest version of QuickTime, 7.4.5.

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED