Reported May 02, 2004, by eEye Digital Security
VERSIONS AFFECTED
DESCRIPTION
A vulnerability in Apple QuickTime 6.5 and Apple iTunes 4.2.0.72 could let a
remote attacker reliably overwrite heap memory with user-controlled data and
execute arbitrary code within the SYSTEM context. This specific flaw exists
within the quicktime.qts file, through which many applications access
QuickTime's functionality. Specially crafting atoms within a movie file
triggers a direct heap overwrite, which makes reliable code execution possible.
VENDOR RESPONSE
Apple has released a patch for this vulnerability, which is available through
the Updates section of the affected application.
CREDIT
Discovered by eEye Digital Security.