Apple QuickTime Multiple Vulnerabilities - Sep09

Summary
Apple QuickTime is installed on the host and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code in the context of an affected application or cause a denial of service.
Impact Level: Application
Solution
Upgrade to Apple QuickTime version 7.6.4 or later: http://www.apple.com/quicktime/download/
Insight
- A memory corruption issue exists when handling 'H.264' movie files.
- An error in the parsing of 'MPEG-4' video files causes a buffer overflow.
- An integer overflow error occurs when processing the 'SectorShift' and 'cSectFat' fields of a FlashPix file header. This can be exploited to cause a heap-based buffer overflow via a specially crafted FlashPix '.fpx' file.
- A boundary error exists when processing samples from an 'H.264' encoded MOV file. This can be exploited to cause a heap-based buffer overflow via a specially crafted 'MOV' file.
Affected
Apple QuickTime before 7.6.4 on Windows.