|CVSS SCORE||9.0, (AV:N/AC:L/Au:N/C:P/I:P/A:C)|
The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. Quicktime fails to correctly checking the decompression size when decoding the RLE data. This allowes for a 4 byte overwrite past the end of the buffer which could result into remote code execution under the context of the current user.
Apple has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Matt "j00ru" Jurczyk