Intrusion Prevention
Apple.QuickTime.Multiple.Integer.Overflow
Description
A vulnerability in Apple QuickTime may allow system compromise. The vulnerability is due to a boundary condition error when the application handles specially crafted QTIF, TGA, TIFF, and GIF image formats. An integer overflow allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. Successful exploitation may allow a remote attacker to trigger a denial of service condition or gain unauthorized access.
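The class of bug described above, shown as an added example that is not QuickTime code: a buffer size computed from file-supplied width and height wraps in 32-bit arithmetic, next to a version that validates the fields first. The function names, the dimension and size limits, and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Unchecked pattern: 32-bit arithmetic on dimensions read from the file.
   The product can wrap, giving a size far smaller than the pixel data. */
uint32_t size_unchecked(uint32_t width, uint32_t height, uint32_t bytes_per_pixel)
{
    return width * height * bytes_per_pixel;
}

/* Assumed policy limits for this example, not values from any specification. */
#define MAX_DIMENSION   65535u
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)

/* Hardened pattern: bound each field, multiply in 64 bits, then cap the total.
   Returns 0 and stores the size in *out on success, -1 if the header is rejected. */
int size_checked(uint32_t width, uint32_t height, uint32_t bytes_per_pixel, size_t *out)
{
    if (width == 0 || height == 0 || bytes_per_pixel == 0 || bytes_per_pixel > 8)
        return -1;
    if (width > MAX_DIMENSION || height > MAX_DIMENSION)
        return -1;
    /* With the bounds above, neither product can exceed 64 bits. */
    uint64_t row = (uint64_t)width * bytes_per_pixel;
    uint64_t total = row * height;
    if (total > MAX_IMAGE_BYTES)
        return -1;
    *out = (size_t)total;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real file. */
    uint32_t w = 0x40000001u, h = 4, bpp = 1;
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)size_unchecked(w, h, bpp));
    printf("checked:   %s\n", size_checked(w, h, bpp, &n) == 0 ? "accepted" : "rejected");
    if (size_checked(640, 480, 3, &n) == 0)
        printf("640x480x3: %zu bytes\n", n);
    return 0;
}
```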
Affected Products
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Impact
System compromise.
Recommended Actions
Apple has released advisory APPLE-SA-2006-01-10, which includes QuickTime 7.0.4, to address these issues.