Release date:
Updated on:
Affected Systems:
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2011-3248
QuickTime is a multimedia architecture developed by Apple Computer. It can process many formats of digital video, media clips, sound effects, text, animation, music, and interactive panoramic images.
Apple QuickTime has a vulnerability in decoding video samples encoded with the RLE encoder. When extracting a sample, the application does not correctly handle the canvas the sample is displayed on, resulting in an overflow. Remote attackers can exploit this vulnerability to execute arbitrary code with the permissions of the current user.
<* Source: Luigi Auriemma (aluigi@pivx.com)
Link: http://www.zerodayinitiative.com/advisories/ZDI-12-005/
*>
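The kind of check whose absence the description points to, as an added example (not Apple's code and not the QuickTime RLE bitstream; the (count, value) format, canvas_t and rle_decode_checked are constructed for illustration). Every run is validated against the space left on the canvas before it is written.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy format, NOT QuickTime's real RLE bitstream:
 * a sequence of (count, value) byte pairs; count == 0 ends the stream. */
typedef struct {
    uint8_t *pixels;   /* canvas buffer of width * height bytes */
    size_t   width;
    size_t   height;
} canvas_t;

/* Returns the number of pixels written, or -1 if the input is truncated
 * or a run would write past the end of the canvas. */
long rle_decode_checked(const uint8_t *in, size_t in_len, canvas_t *c)
{
    if (c->width != 0 && c->height > SIZE_MAX / c->width)
        return -1;                    /* width * height would wrap */
    size_t cap = c->width * c->height;
    size_t out = 0, i = 0;

    while (i < in_len) {
        uint8_t count = in[i++];
        if (count == 0)
            break;                    /* end-of-stream marker */
        if (i >= in_len)
            return -1;                /* truncated: count without a value */
        uint8_t value = in[i++];
        if (count > cap - out)
            return -1;                /* run exceeds the remaining canvas */
        memset(c->pixels + out, value, count);
        out += count;
    }
    return (long)out;
}

int main(void)
{
    uint8_t buf[8];
    canvas_t c = { buf, 4, 2 };
    const uint8_t ok[]  = { 4, 0xAA, 4, 0xBB, 0 };  /* 8 pixels: fits 4x2 */
    const uint8_t bad[] = { 4, 0xAA, 5, 0xBB, 0 };  /* 9 pixels: rejected */
    printf("ok=%ld bad=%ld\n",
           rle_decode_checked(ok, sizeof ok, &c),
           rle_decode_checked(bad, sizeof bad, &c));
    return 0;
}
```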
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apple
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://support.apple.com/