| Check Point Reference: |
CPAI-2009-095 |
| Date Published: |
13 Jun 2009 |
| Severity: |
Critical
|
| Last Updated: |
Thursday 01 January, 2009 |
| Source: |
Secunia Advisory: SA35091 |
| Industry Reference: | CVE-2009-0010 |
| Protection Provided by: |
|
| Who is Vulnerable? | Apple QuickTime prior to 7.6.2 |
| Vulnerability Description |
A buffer overflow vulnerability was reported in Apple QuickTime, a multimedia player that supports a wide range of media formats. Apple QuickTime fails to process crafted PICT images. Remote attackers may exploit this vulnerability by persuading a target user to open a specially crafted PICT file using the vulnerable products. Successful exploitation may lead to arbitrary code execution or terminate the application resulting in a denial of service condition. |
| Update/Patch Avaliable | The vendor, Apple, has released an advisory addressing this vulnerability:
http://support.apple.com/kb/HT3591 |
| Vulnerability Details | The flaw is due to improper processing of paintPoly record in PICT image file. An attacker can create a PICT image that once processed by a vulnerable QuickTime product will trigger the vulnerability. |
Feedback