QuickTime is a media player for Windows and Mac OS platforms.
Apple QuickTime 7.7.1 and earlier versions are vulnerable to remote code execution if the user is persuaded to open a specially crafted
QTVR movie file. The specific flaw exists within the
QuickTimeVR.qtx component which fails to properly check the
stringLength parameter when processing a
QTVRStringAtom, resulting in an integer signedness buffer overflow. Successful exploitation could result in a remote attacker running arbitrary code in the context of the affected user.
Upgrade to QuickTime 7.7.2 or higher.
This exploit was tested against Apple QuickTime 7.7.1 on Windows XP SP3 English (DEP OptIn).
The user must open the HTML exploit file in Internet Explorer 8.