Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability

2007-11-05T00:00:00
ID ZDI-07-066
Type zdi
Reporter Ruben Santamarta of reversemode.com
Modified 2007-11-09T00:00:00

Description

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exist in the parsing of the PackBitsRgn field (Opcode 0x0099). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed this can lead to code execution running under the credentials of the user.