J漾諸事會社

DESCRIPTION

Remote exploitation of an integer overflow vulnerability in Apple Computer Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user.

The vulnerability specifically exists in QuickTime players handling of the title and author fields in an SMIL file. When parsing an SMIL file, arithmetic calculations can cause insufficient memory to be allocated. When copying in user-supplied data from the SMIL file, a heap-based buffer overflow occurs. This results in a potentially exploitable condition.