• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities

Apple QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code.

These issues arise when the application handles specially crafted PICT image files, Indeo video content, movie files, 'file:' URIs, and AAC-encoded media. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user; failed exploits will cause denial-of-service conditions.

Versions prior to QuickTime 7.5 are affected.

NOTE: This BID is being retired; the following individual records have been created to better document the issues:

29649 Apple QuickTime 'PICT' Image 'PixData' Structures Handling Heap Overflow Vulnerability
29650 Apple QuickTime 'file:' URI File Execution Vulnerability
29654 Apple QuickTime 'AAC-encoded' Media Memory Corruption Vulnerability
29648 Apple QuickTime 'PICT' Image Buffer Overflow Vulnerability
29652 Apple QuickTime Indo Video Codec Buffer Overflow Vulnerability