Intrusion Prevention

Apple.QuickTime.Multiple.Integer.Overflow

Description

A vulnerability in Apple QuickTime may allow system compromise. The vulnerability is due to a boundary condition error when the application handles specially crafted QTIF, TGA, TIFF, and GIF images. An integer overflow allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags. Successful exploitation may allow a remote attacker to trigger a denial of service condition or gain unauthorized access.
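The sketch below is an added example of the bug class described above and of a defensive size check; it is not QuickTime's code or any vendor's code. It reads ImageWidth (tag 256) and ImageLength (tag 257) from a constructed little-endian TIFF and compares a wrapping 32-bit size calculation with an overflow-checked one. The function names, the 4-bytes-per-pixel figure and the 256 MiB cap are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Little-endian readers; callers have already bounds-checked the offsets. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Read tags 256/257 from the first IFD of a little-endian TIFF; -1 if malformed. */
int tiff_dims(const uint8_t *buf, size_t len, uint32_t *w, uint32_t *h) {
    if (len < 8 || buf[0] != 'I' || buf[1] != 'I' || rd16(buf + 2) != 42) return -1;
    uint32_t ifd = rd32(buf + 4);
    if (ifd > len - 2) return -1;                    /* entry count must fit */
    uint16_t n = rd16(buf + ifd);
    if ((size_t)n * 12 > len - ifd - 2) return -1;   /* all entries must fit */
    int seen = 0;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * 12;
        uint16_t tag = rd16(e), type = rd16(e + 2);
        if (tag != 256 && tag != 257) continue;
        if ((type != 3 && type != 4) || rd32(e + 4) != 1) return -1; /* SHORT/LONG x1 */
        uint32_t v = type == 3 ? rd16(e + 8) : rd32(e + 8);
        if (tag == 256) { *w = v; seen |= 1; } else { *h = v; seen |= 2; }
    }
    return seen == 3 ? 0 : -1;
}

/* Bug class: the 32-bit product wraps, so huge dimensions give a small size. */
uint32_t naive_bytes(uint32_t w, uint32_t h, uint32_t bpp) { return w * h * bpp; }
/* Hardened: reject zero dimensions and any size above the caller's cap. */
int checked_bytes(uint32_t w, uint32_t h, uint32_t bpp, size_t max_bytes, size_t *out) {
    if (w == 0 || h == 0 || bpp == 0) return -1;
    uint64_t total = (uint64_t)w * h;                /* cannot overflow 64 bits */
    if (total > max_bytes / bpp) return -1;
    *out = (size_t)(total * bpp);
    return 0;
}

/* Constructed sample: ImageWidth = 65536, ImageLength = 65537. */
static const uint8_t SAMPLE[] = {
    'I', 'I', 42, 0, 8, 0, 0, 0, 2, 0,                    /* header, 2 entries */
    0x00, 0x01, 4, 0, 1, 0, 0, 0, 0x00, 0x00, 0x01, 0x00, /* tag 256, LONG */
    0x01, 0x01, 4, 0, 1, 0, 0, 0, 0x01, 0x00, 0x01, 0x00, /* tag 257, LONG */
    0, 0, 0, 0 };                                         /* next-IFD offset */

int main(void) {
    uint32_t w, h; size_t n = 0;
    if (tiff_dims(SAMPLE, sizeof SAMPLE, &w, &h)) return 1;
    printf("naive=%u checked=%d\n", (unsigned)naive_bytes(w, h, 4), checked_bytes(w, h, 4, (size_t)1 << 28, &n));
    return 0;
}
```

With these dimensions the wrapping calculation reports a 256 KiB image where the true size is about 16 GiB, which is the mismatch a decoder must reject before allocating.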

Affected Products

Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0

Impact

System compromise.

Recommended Actions

Apple has released advisory APPLE-SA-2006-01-10 including QuickTime 7.0.4 to address these issues.

CVE References

CVE-2005-3710 CVE-2005-3711
