Release date: 2011-10-28
Updated on: 2011-10-28
Affected Systems:
Apple QuickTime Player 7.x
Unaffected system:
Apple QuickTime Player 7.7.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 50100
Cve id: CVE-2011-3222
QuickTime is a multimedia architecture developed by Apple Computer. It can process many digital videos, media paragraphs, sound effects, text, animations, music formats, and interactive panoramic images.
Apple QuickTime has a buffer overflow vulnerability when processing specially crafted FlashPix files. Attackers can exploit this vulnerability to execute arbitrary code with the current user permission, and the application is accidentally terminated.
<* Source: Luigi Auriemma (aluigi@pivx.com)
Damian Put (pucik@cc-team.org)
Link: http://support.apple.com/kb/HT5016
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apple
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.apple.com/