|TREND MICRO CUSTOMER PROTECTION
|Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['9628']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within QuickTimeAuthoring.qtx during the parsing of DELTA_FLI chunks stored within a malformed .fli file. The applications trusts a user-supplied length for decompression which can be modified to copy more data than necessary leading to a buffer overflow. Successful exploitation can lead to code execution under the context of the current user.
|Moritz Jodeit of n.runs AG