Intrusion Prevention

Apple.QuickTime.QTIF.idsc.Code.Execution

Description

This indicates an attempt to exploit a code injection vulnerability in Apple QuickTime.
The vulnerability allows remote attackers to cause arbitrary code to be injected and executed via an invalid "Atom size" field in a .QTIF image file. The code is executed in the security context of the current user.

Affected Products

prior to Apple QuickTime Player 7.4.

Impact

System Compromise: remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to Apple QuickTime Player 7.4.

CVE References

CVE-2008-0033