Zero Day Initiative Advisory 10-262 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses directBitsRect records within a .pict file. When decompressing data within this structure, the application will allocate space for the target buffer using fields described within the file and then use a different length to decompress the total data from the file. This can lead to code execution under the context of the application.
0a777530341cc27ba50176bb4cbc81069d27fe8de07089d1c1b626878018cd9e
Zero Day Initiative Advisory 10-261 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of a custom compression algorithm. The application will trust a field within a DirectBitsRect structure which is used for an allocation, and later attempt to decompress data into this buffer. Due to the value for the allocation being different from the length of the data being decompressed a buffer overflow will occur which can lead to code execution with the privileges of the application.
fe27a415bf1129d2cdcf8daf7da5a7cdc96fae5c4762eaf27cb687d10e897da4
iDefense Security Advisory 12.07.10 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the way specially crafted PICT image files are handled by the QuickTime PictureViewer. When processing specially crafted PICT image files, Quicktime PictureViewer uses a set value from the file to control the length of a byte swap operation. The byte swap operation is used to convert big endian data to little endian data. QuickTime fails to validate the length value properly before using it. When a length value is larger than the actual buffer size supplied, it will corrupt heap memory beyond the allocated buffer, which could lead to an exploitable condition. QuickTime Player versions prior to 7.6.9 are vulnerable.
4bb677daf3bb8a3483d603a95401b8fbc17090e4dfc5ab0ec2cab5cd33f94563