Two code execution vulnerabilities are present in Apple QuickDraw PICT image format support. Twenty one code execution vulnerabilities are present in Apple QuickTime support for various multimedia formats including: MOV, H.264, MPEG 4, AVI, FPX and SWF. Exploitation could lead to execution of arbitrary code. In order for an attack to succeed user interaction is required and therefore the risk factor for these issues is medium. Vulnerable systems include Mac OS X versions 10.4.6 and below without the May 2006 security update installed, QuickTime versions 7.0.4 and below for Mac OS X, and QuickTime for Windows versions 7.0.4 and below.
8f07954712d0132d44032c1c58a7fa2505bdf2e850f835b45907c2298d579a60
eEye Digital Security has discovered a critical vulnerability in QuickTime Player. There is a integer overflow in the way QuickTime processes fpx format files. An attacker can create a fpx file and send it to the user via email, web page, or fpx file with activex.
43adc773eca673b0b8c59d551604cc2d366d6bcdd7893a6ec67c822b737336af