ZDI-06-015 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime media player. The specific flaw exists within the parsing of H.264 content. The implicit trust of a user-supplied size value during a memory copy loop allows an attacker to create an exploitable memory corruption condition. Exploitation requires that an attacker either coerce the target to open a malformed media file or visit a website embedding the malicious file. Versions prior to 7.1 of Apple Quicktime are affected.
079d3c9b83a953ba0bedb07efcf43346d8ca8269df05b93a6ee5704d47b30901