Release DateJan 21, 2010 |
Severitycritical |
ImpactSystem compromise or denial of service |
DescriptionThis indicates a possible attack against a heap-based buffer-overflow vulnerability in Apple QuickTime.The vulnerability is due to the software's inability to properly parse malformed JP2 images. A remote attacker may exploit this to execute arbitrary code or cause a denial-of-service condition. |
Affected ProductsApple QuickTime before 7.6.2 |
Recommended ActionsPlease refer to the vendor's advisory for detailed information:http://support.apple.com/kb/HT3591 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-0957 |
Reference/shttp://www.zerodayinitiative.com/advisories/ZDI-09-029/http://www.securityfocus.com/bid/35165 (BugTraq) |
