OSVDB ID: 69320

Title: Apple Mac OS X QuickTime Crafted GIF File LZW Decompression Arbitrary Code Execution

Dates

Disclosure: Nov 12, 2010
Discovery: Unknown
Exploit: Unknown
Solution: Nov 12, 2010

Description

Apple Mac OS X QuickTime contains an uninitialized memory location access issue that may allow a context-dependent attacker to execute arbitrary code or cause a denial of service. The issue is triggered when a user views a maliciously crafted GIF image and the program does not handle LZW decompression correctly.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version 10.6.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Inc.

Mac OS X

10.6
10.6.1
10.6.2
10.6.3
10.6.4

Mac OS X Server

10.6
10.6.1
10.6.2
10.6.3
10.6.4

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/69320