QuickTime is a media player for Windows and Mac OS platforms.
Apple QuickTime 7.7.1 and earlier versions are vulnerable to buffer overflow when parsing XML elements within a TeXML file. The
QuickTime3GPP.qtx QuickTime Extension image file does not properly validate the length of data within certain sub-fields. By enticing a user to open a specially crafted TeXML file, a remote attacker could exploit this vulnerability to execute arbitrary code in the context of the user.
Upgrade to Apple QuickTime 7.7.2 or later.
This exploit has been tested against Apple QuickTime 7.7.1 on Windows XP SP3 English (DEP OptIn).
The user must open the exploit file in a vulnerable version of Apple QuickTime.