| Name | Apple.Quicktime.PICT.Opcode.0X8201.Heap.Overflow |
| Release Date | Jan 07, 2010 |
| Severity | Critical |
| Impact | System compromise or denial of service |
| Description | This indicates a possible attack against a heap-based buffer-overflow vulnerability in Apple QuickTime. The vulnerability is due to the way the application parses PICT files. A remote attacker may exploit this by sending a crafted PICT image. |
| Affected Products | Apple QuickTime before 7.6.2 |
| Recommended Actions | Please refer to the vendor's advisory for updates or patches: http://support.apple.com/kb/HT3591 |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0953 |
| Reference/s | http://www.securityfocus.com/bid/35164 (BugTraq), http://www.zerodayinitiative.com/advisories/ZDI-09-027/ |