Release DateJan 21, 2010 |
Severitycritical |
ImpactSystem compromise or denial of service. |
DescriptionThis indicates an attack attempt against a heap-based buffer-overflow vulnerability in Apple QuickTime on Windows.The vulnerability is due to the software's inability to handle malformed Clipping Region (CRGN) atom types in a QuickTime movie file. A remote attacker may exploit this by sending a specially crafted movie file. |
Affected ProductsApple QuickTime before 7.6.2 |
Recommended ActionsPlease refer to the vendor's web site for updates or patches:http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-0954 |
Reference/shttp://www.securityfocus.com/bid/35167 (BugTraq)http://www.zerodayinitiative.com/advisories/ZDI-09-028/ |
