Subscribe to Windows IT Pro
May 05, 2004 12:00 AM

Buffer Overrun in Apple Quicktime

Ken Pfeil
Windows IT Pro
InstantDoc ID #42570
Rating: (0)

Reported May 02, 2004, by eEye Digital Security

VERSIONS AFFECTED

  • Apple QuickTime 6.5
  • Apple iTunes 4.2.0.72

DESCRIPTION
A vulnerability in Apple QuickTime 6.5 and Apple iTunes 4.2.0.72 could let a remote attacker reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. This specific flaw exists within the quicktime.qts file, through which many applications access QuickTime's functionality. Specially crafting atoms within a movie file triggers a direct heap overwrite, which makes reliable code execution possible.

VENDOR RESPONSE
Apple has released has released a patch for this vulnerability, which is available through the Updates section of the affected application.

CREDIT
Discovered by eEye Digital Security.

=

Related Content:

ARTICLE TOOLS

Comments
Add A Comment
    There are no comments to display. Be the first one!
You must log on before posting a comment.

Are you a new visitor? Register Here

advertisement

advertisement

Dev Pro Left-Brain SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.