Apple QuickTime GIF Out-Of-Bounds Write Remote Code Execution Vulnerability

2015-07-01T00:00:00
ID ZDI-15-279
Type zdi
Reporter kdot
Modified 2015-06-22T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GIF images. By providing a GIF with a malformed image descriptor, an attacker can write data outside the bounds of the data structure. An attacker could leverage this to execute arbitrary code in the context of the QuickTime process.