Zero Day Initiative Advisory 10-045 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of MPEG content. Upon reading a field used for compression within a 'genl' atom in the movie container, the application will decompress outside the boundary of an allocated buffer. Successful exploitation can lead to code execution under the context of the application.
1e70af37192d01db3abcf564c2dd3f7a80b046ea61164395b3665995413275e5
Zero Day Initiative Advisory 10-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in QuickTimeMPEG.qtx and results when QuickTime attempts to parse a malformed 'genl' atom that may be present in any QuickTime media file. A heap overflow is caused when QuickTime fails to perform proper bounds checking on the amount of data copied to the heap by a set of nested loops which can result in arbitrary code execution.
c2cef9ddc299821993d0b28550f87cd1dc790998d6e5691d3659309905346ded