QuickTime PICT image UncompressedQuickTimeData buffer overflow

Added: 11/19/2007
CVE: CVE-2007-4672
BID: 26344
OSVDB: 38547

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

A buffer overflow vulnerability in QuickTime allows command execution when a user opens a specially crafted PICT image containing an invalid UncompressedQuickTimeData opcode length.

Resolution

Upgrade to QuickTime 7.3.

References

http://www.us-cert.gov/cas/techalerts/TA07-310A.html
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html

Limitations

Exploit works on QuickTime 7.2 and requires a user to download and open a PCT file.

Platforms

Windows

Back to exploit index