| Name | Apple.QuickTime.Image.Description.Atom.Code.Execution |
| Release Date | Jun 23, 2009 |
| Severity | Critical |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attack attempt to exploit a remote code-execution vulnerability in Apple Quicktime.
The vulnerability results from insecure code responsible for parsing malformed description atoms. It can be exploited via a crafted MOV file, leading to remote code execution. |
| Affected Products | Apple QuickTime Player 7.6.1
Apple QuickTime Player 7.5.5
Apple QuickTime Player 7.4.5
Apple QuickTime Player 7.4.1
Apple QuickTime Player 7.3.1 .70
Apple QuickTime Player 7.3.1
Apple QuickTime Player 7.1.6
Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.1.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 6.5.2
Apple QuickTime Player 6.5.1
Apple QuickTime Player 6.5
Apple QuickTime Player 6.1
Apple QuickTime Player 5.0.2
Apple QuickTime Player 7.6
Apple QuickTime Player 7.5
Apple QuickTime Player 7.4
Apple QuickTime Player 7.4
Apple QuickTime Player 7.3
Apple QuickTime Player 7.2
Apple QuickTime Player 7.1
Apple QuickTime Player 6.4
Apple QuickTime Player 6 |
| Recommended Actions | Upgrade to Apple QuickTime Player 7.6.2 or later, available at the following web site:
http://support.apple.com/downloads/ |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0955
|
| Reference/s | http://www.securityfocus.com/bid/35166 (BugTraq)
http://www.vupen.com/english/advisories/2009/1469 (FrSIRT)
http://www.milw0rm.com/exploits/8862
|