U-202: Apple QuickTime Multiple Stack Overflow Vulnerabilities

June 29, 2012 - 7:00am

PROBLEM:

Apple QuickTime is prone to multiple stack-based buffer-overflow vulnerabilities.

PLATFORM:

Version(s): prior to 7.7.2

ABSTRACT:

Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

Reference links:

Vendor Advisory
Security Focus ID 53571
CVE-2012-0663

IMPACT ASSESSMENT:

Medium

Discussion:

These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7.2 are vulnerable on Windows 7, Vista and XP.

Impact:

Denial of service, execution of arbitrary code

Solution:

Download the newest version of QuickTime at Apple Downloads
