QuickTime / iTunes Memory Corruption Vulnerability

Tom Ferris has discovered a vulnerability in Apple QuickTime / iTunes, which can be exploited by malicious people to cause a DoS (Denial of Service), and with an unknown impact.  The vulnerability is caused due to an error in handling malformed “.mov” files. This can be exploited to cause memory corruption, which causes the program to crash. It has been reported that arbitrary code execution may be possible. However, this has not been confirmed.


The vulnerability has been confirmed in Apple QuickTime Player 7.0.3 and iTunes 6.0.1.3. Other versions may also be affected.


Solution:  Do not open “.mov” files from untrusted sources.


http://secunia.com/advisories/18149/

Leave a Reply