Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a buffer overflow vulnerability in the Apple QuickTime Player. Apple QuickTime has a buffer overflow vulnerability in parsing specially crafted TGA image files. This is due to an application failure to sanitize the parameter Color Map Entry Size while parsing TGA image files. A remote attacker could construct a web page with a specially crafted TGA file and entice a victim to view it, when the user opens the TGA image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to potential arbitrary command execution.
cd67a822ff370f9dc2ed6a580dba164b1c12edeed9edaa46caf6dc4a6956aab4