Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities

Apple QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code and carry out denial-of-service attacks.

These issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition.

Versions prior to QuickTime 7.5.5 are affected.

NOTE: Two issues that were previously covered in this BID were given their own records to better document the details:

- CVE-2008-3626 was moved to BID 31546 ('Apple QuickTime 'STSZ' Atoms Memory Corruption Vulnerability')

- CVE-2008-3629 was moved to BID 31548 ('Apple QuickTime PICT Denial of Service Vulnerability').


Privacy Statement
Copyright 2010, SecurityFocus