<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3614" target="_blank">CVE</a>)</em> : Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.

Upgrade to version 7.7.5 or higher, as it has been reported to fix this vulnerability. It is also possible to temporarily work around the flaw by implementing the following workaround: iDefense recommends disabling the QuickTime Plug-in and altering the .pic and .pict file type associations within the registry. Disabling the plug-in will prevent web browsers from utilizing QuickTime Player to view associated media files. Removing the file type associations within the registry will prevent QuickTime Player and Picture Viewer from opening .pic and .pict files.

Unknown or Incomplete

• Security Tracker: 1020841
• CVE ID: 2008-3614 (see also: NVD)
• Bugtraq ID: 31086
• Secunia Advisory ID: 31821 31882
• SCIP VulDB ID: 3827 3828 3829 3830 3831 3832 3833
• Related OSVDB ID: 48027 48028 48029 48030 48031 48032 48033 48035 48038
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-09/0123.html
  http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html
• Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744
• Vendor Specific News/Changelog Entry: http://support.apple.com/kb/HT3027
• Vendor Specific Advisory URL: http://support.apple.com/kb/HT3137

• Anonymous - iDefense Labs VCP