Intrusion Prevention

Apple.QuickTime.Player.Unspecified.Chunk.Code.Execution

Description

This indicates an attack attempt against a memory-corruption vulnerability in
Apple QuickTime Player.
The vulnerability is caused by an error when the vulnerable software handles
a malicious crafted movie file. It could allow a remote attacker to execute
arbitrary code via sending a crafted .mov file.

Affected Products

Mac OS X v10.6 through v10.6.4
Mac OS X Server v10.6 through v10.6.4

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the patch supplied by the vendor:
http://support.apple.com/kb/HT4435

CVE References

CVE-2010-3790