Apple QuickTime contains an array-indexing vulnerability when handling Sorenson Video 3 files. The array-indexing error can be exploited to cause memory corruption when QuickTime decompresses crafted files, allowing attackers to execute arbitrary code in the context of the current user.
Apple QuickTime 7.6.8
Remote Code Execution
Remote Code Execution in current user's context
This client-side issue may be exploited by an attacker who tricks a user into opening or viewing malicious Sorenson Video 3 content with QuickTime. Once the user has opened the file, the attacker may remotely execute arbitrary code in the context of the current user. If the user is an administrator, the attacker could install malicious software and further compromise the system.
BeyondTrust Prevention and Detection:
- BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- Retina Audit 13825 - Apple QuickTime Multiple Vulnerabilities (20101207) - Windows
- Retina Audit 13826 - Apple QuickTime Multiple Vulnerabilities (20101207) - Mac OS X
Update QuickTime to version 7.6.9 or newer.