Intrusion Prevention

Apple.QuickTime.VR.Track.Header.Atom.Heap.Corruption

Description

This indicates a possible attack towards a heap-based buffer overflow in Apple QuickTime which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted QTVR movie file.

Affected Products

Apple QuickTime Player before version 7.6

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the latest update from the vendor:
http://www.apple.com/quicktime/download/

CVE References

CVE-2009-0002