Apple QuickTime is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted Sorenson encoded movie file, a context-dependent attacker can potentially cause a denial of service or execute arbitrary code.

Upgrade to version 7.7.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1027065
• CVE ID: 2012-0669 (see also: NVD)
• Secunia Advisory ID: 47447
• Bugtraq ID: 53580
• Related OSVDB ID: 81929 81930 81931 81932 81933 81934 81935 81936 81937 81938 81939 81941 81942
• Vendor Specific Advisory URL: http://lists.apple.com/archives/security-announce/2012/May/msg00005.html
• Packet Storm: http://packetstormsecurity.org/files/113319/Zero-Day-Initiative-Advisory-12-078.html
• Vendor Specific News/Changelog Entry: http://support.apple.com/kb/HT5261
• Vendor URL: http://www.apple.com/quicktime/
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-12-078/

• Damian Put - Zero Day Initiative (ZDI)