iDefense Security Advisory 09.09.08 - Remote exploitation of an integer overflow in Apple Inc.'s QuickTime could allow an attacker to execute arbitrary code in the security context of the current user. QuickTime is vulnerable to an integer overflow vulnerability when handling malformed PICT files. This issue results in heap corruption which can lead to arbitrary code execution. Apple Inc.'s QuickTime versions 7.4.5 and 7.4 have been confirmed to be vulnerable to this issue. Older versions are also suspected to be vulnerable.
3a27ed0d3c1812d0055d1944f27351bebfb69cb078fc9043b995e86593ef2c54