Intrusion Prevention

Apple.QuickTime.Uncompressed.PICT.Image.Stack.Overflow

Description

This signature indicates an attempt to exploit a stack buffer-overflow vulnerability in Apple QuickTime.
The vulnerability is due to boundary errors that occur when QuickTime processes PICT image files. A remote attacker can exploit this by enticing a target user to open a crafted PICT image file.

Affected Products

Apple QuickTime Player 7.1.6
Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.1.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0
Apple QuickTime Player 7.2
Apple QuickTime Player 7.1

Impact

System Compromise.

Recommended Actions

Upgrade to the latest version of Apple QuickTime (7.3 or later), available from the vendor's web site: http://www.apple.com/quicktime/win.html

CVE References

CVE-2007-4672