Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a vulnerability in the Apple QuickTime Player. Apple QuickTime has a vulnerability in parsing the specially crafted TIFF image files. This is due to application failure to sanitize the parameter StripOffsets value while parsing TIFF image files. A remote attacker could construct a web page with specially crafted tiff file and entice a victim to view it, when the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to potential arbitrary command execution.
3b588cf7f6f92dd97bbaf61f07231058a4a3d25ed43f154b696b82c9a40f1898
Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a buffer overflow vulnerability in the Apple QuickTime Player. Apple QuickTime has a buffer overflow vulnerability in parsing the specially crafted TIFF image files. This is due to application failure to sanitize the parameter StripByteCounts while parsing TIFF image files. A remote attacker could construct a web page with specially crafted tiff file and entice a victim to view it, when the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, and leading to potential arbitrary command execution.
09a92ec1846789359ad9a5d09cdc149c4401610255743ba875be582f9035afd4