Apple QuickTime Sorenson-Encoded Movie File Remote Code Execution Vulnerability
Apple QuickTime is prone to a remote code-execution vulnerability because it fails to sufficiently validate user-supplied data when viewing Sorenson-encoded movie files.
Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
The following are vulnerable:
Mac OS X 10.6 prior to 10.6.3
Mac OS X Server 10.6 prior to 10.6.3
QuickTime 7 prior to 7.6.6 on Mac OS X 10.5.8 and Microsoft Windows XP, Vista, and 7.
NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.