QuickTime PICT image UncompressedQuickTimeData buffer overflow

2007-11-19T00:00:00
ID SAINT:BD7C8BB2DD472B08E4C1A0B6834886AD
Type saint
Reporter SAINT Corporation
Modified 2007-11-19T00:00:00

Description

Added: 11/19/2007
CVE: CVE-2007-4672
BID: 26344
OSVDB: 38547

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

A buffer overflow vulnerability in QuickTime allows command execution when a user opens a specially crafted PICT image containing an invalid UncompressedQuickTimeData opcode length.

Resolution

Upgrade to QuickTime 7.3.

References

<http://www.us-cert.gov/cas/techalerts/TA07-310A.html>
<http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html>

Limitations

Exploit works on QuickTime 7.2 and requires a user to download and open a PCT file.

Platforms

Windows