| Name | Apple.QuickTime.CRGN.Atom.Parsing.Heap.Overflow |
| Last Updated Date | Feb 09, 2010 |
| Release Date | Jan 21, 2010 |
| Severity | Critical |
| Impact | System compromise or denial of service. |
| Description | This indicates an attack attempt against a heap-based buffer-overflow vulnerability in Apple QuickTime on Windows. The vulnerability is due to the software's inability to handle malformed Clipping Region (CRGN) atom types in a QuickTime movie file. A remote attacker may exploit this by sending a specially crafted movie file. |
| Affected Products | Apple QuickTime before 7.6.2 |
| Recommended Actions | Please refer to the vendor's web site for updates or patches: http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0954 |
| Reference/s | http://www.securityfocus.com/bid/35167 (BugTraq), http://www.zerodayinitiative.com/advisories/ZDI-09-028/ |