Risk: High
Multiple vulnerabilities in Apple QuickTime have been reported that could result in Denial of Service to System Access. These have been discovered in QuickTime version 6.5.2 and 7.0.1 for Mac OS X, and QuickTime versions 7.x prior to 7.0.3 for Windows. Prior versions may also be affected.
Details of vulnerabilities:
An integer overflow error exists in the handling of a "Pascal" style string when loading a ".mov" video file. This can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file.
An integer overflow error exists in the handling of certain movie attributes when loading a ".mov" video file. This can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file.
A NULL pointer dereferencing error exists when handling certain missing movie attributes from a video file. This may be exploited to crash an application that uses QuickTime when a specially crafted video file is loaded.
A boundary error exists in the QuickTime PictureViewer when decompressing PICT data. This may be exploited to cause a memory overwrite, potentially allowing arbitrary code execution via a specially crafted PICT picture file.