|CVSS SCORE||7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
The specific flaw exists within the QuickTimeVR.qtx component. A signedness error exists when processing a QTVRStringAtom having an overly large "stringLength" parameter. This can be exploited to cause a stack-based buffer overflow and execute arbitrary code under the context of the user running the application.
Apple has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Alin Rad Pop