ZDI-11-038: Apple Quicktime Sprite Transformation Remote Code Execution Vulnerability

ZDI-11-038: Apple Quicktime Sprite Transformation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-038 February 1, 2011 -- CVE ID: CVE-2010-3790 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...

CVE-2010-3790

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary...

Design/Logic Flaw

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary...

CVE-2010-3790

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary...