A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of malformed Sample Table Sample Descriptor (STSD) atoms. Specifying a malicious atom size can result in an under allocated heap chunk and subsequently an exploitable heap corruption.
dc75dfbd5da0df2bcba75f15114c0fdac22be3a985c5ea1813ab5f1516b53302