Apple.QuickTime.Uncompressed.PICT.Image.Stack.Overflow

Release Date

Dec 17, 2007

Severity

high

Impact

System Compromise.

Description

This indicates an attempt to exploit a buffer-overflow vulnerability in Apple QuickTime.

The vulnerability is due to boundary errors that occur when processing PICT image files. A remote attacker can exploit this by enticing a target user to open a crafted PICT image file.

Affected Products

Apple QuickTime Player 7.1.6
Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.1.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 7.2
Apple QuickTime Player 7.1

Recommended Actions

Upgrade to the latest version of Apple QuickTime (7.3 or later), available from the vendor's web site:
http://www.apple.com/quicktime/win.html

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2007-4672

Reference/s

http://www.frsirt.com/english/advisories/2007/3723 (FrSIRT)
http://www.securityfocus.com/bid/26344 (BugTraq)

Reference: VID-15212