Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Apple Quicktime 7.6.8
Apple Quicktime 7.6.9
Apple QuickTime 7.66.71.0
Apple Quicktime 7.1.5
Apple Quicktime 7.5.0
Apple Quicktime 7.1.4
Apple Quicktime 7.4.1
Apple Quicktime 7.6.0
Apple Quicktime 7.6.1
Apple Quicktime 7.1.6
Apple Quicktime 7.6.2
Apple Quicktime 7.0.0
Apple Quicktime 7.4.5
Apple Quicktime 7.5.5
Apple Quicktime 7.6.5
Apple Quicktime 7.6.6
Apple Quicktime 7.0.2
Apple Quicktime 7.1.1
Apple Quicktime 7.2.0
Apple Quicktime 7.0.1
Apple Quicktime 7.1.0
Apple Quicktime 7.0.4
Apple Quicktime 7.1.3
Apple Quicktime 7.3.1
Apple Quicktime 7.4.0
Apple Quicktime 7.0.3
Apple Quicktime 7.1.2
Apple Quicktime 7.2.1
Apple Quicktime 7.3.0
Apple Quicktime 7.67.75.0
Apple Quicktime 7.6.7
Apple Quicktime 7.3.1.70
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| http://zerodayinitiative.com/advisories/ZDI-11-252/ | |||
| 17777 | |||
| http://support.apple.com/kb/HT4826 | |||
| 8365 |