|
Description
|
This indicates an attempt to exploit a buffer-overflow vulnerability in Apple QuickTime.
The vulnerability occurs in quickTime.qts. An attacker may exploit this by using specially crafted ".pict" files to execute arbitrary code.
|
|
|
|
Impact
|
System Compromise.
Denial of Service.
|
|
|
|
Affected Products
|
Apple QuickTime Player 7.4.1
Apple QuickTime Player 7.3.1 .70
Apple QuickTime Player 7.3.1
Apple QuickTime Player 7.1.6
Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.1.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.4
Apple QuickTime Player 7.4
Apple QuickTime Player 7.3
Apple QuickTime Player 7.2
Apple QuickTime Player 7.1
|
|
Aliases
|
Apple.Quicktime.PICT.Opcode.Memory.Corruption
|
|
References
|
http://www.securityfocus.com/bid/28583
http://www.frsirt.com/english/advisories/2008/1078
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1019
http://www.zerodayinitiative.com/advisories/ZDI-08-014
|
|
Recommended Actions
|
Upgrade to the latest version of Apple QuickTime (7.4.5 or later):
http://support.apple.com/kb/HT1241.
|
