|CVSS SCORE||6.8, (AV:N/AC:M/Au:N/C:P/I:P/A:P)|
|TREND MICRO CUSTOMER PROTECTION||Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 13489. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within the 'mvhd' atom. By providing a malformed version and flags, an attacker is able to create controllable memory corruption, and trigger an arbitrary write operation. By exploiting this, an attacker could execute code in the context of the current user.
12/20/2013 - Disclosed to vendor
-- Vendor Mitigation:
The vendor did not provide any mitigations.
Given the stated purpose of QuickTime, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application to trusted media files.
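The following is an added example, not code from this advisory or from the vendor: a pre-screening check for untrusted media files that parses the 'mvhd' atom and reports a version or flags field outside what the file format defines. The advisory does not say which values trigger the flaw, so this is a format sanity check rather than a signature for it; the accepted versions (0 and 1), zero flags and body sizes are assumptions taken from the QuickTime/ISO base media layouts, and all function names are illustrative.

```python
import struct

MVHD_BODY = {0: 100, 1: 112}  # assumed bytes after the 8-byte atom header, per version

def atoms(buf, pos, end):
    """Yield (type, body_start, body_end) for each atom in buf[pos:end]."""
    while pos < end:
        if end - pos < 8:
            raise ValueError(f"truncated atom header at offset {pos}")
        size, kind = struct.unpack_from(">I4s", buf, pos)
        hdr = 8
        if size == 1:                      # 64-bit size follows the type field
            if end - pos < 16:
                raise ValueError(f"truncated 64-bit size at offset {pos}")
            size, hdr = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        elif size == 0:                    # atom runs to the end of its parent
            size = end - pos
        if size < hdr or size > end - pos:
            raise ValueError(f"atom {kind!r} at offset {pos}: bad size {size}")
        yield kind, pos + hdr, pos + size
        pos += size

def check_mvhd(buf):
    """Return a list of findings about the mvhd atom(s); empty means clean."""
    findings, seen = [], 0
    try:
        for kind, s, e in atoms(buf, 0, len(buf)):
            if kind != b"moov":
                continue
            for sub, ss, se in atoms(buf, s, e):
                if sub != b"mvhd":
                    continue
                seen += 1
                if se - ss < 4:
                    findings.append("mvhd too short to hold version and flags")
                    continue
                version, flags = buf[ss], int.from_bytes(buf[ss + 1:ss + 4], "big")
                if version not in MVHD_BODY:
                    findings.append(f"mvhd version {version} is not 0 or 1")
                elif se - ss != MVHD_BODY[version]:
                    findings.append(f"mvhd v{version} body is {se - ss} bytes, "
                                    f"expected {MVHD_BODY[version]}")
                if flags:
                    findings.append(f"mvhd flags 0x{flags:06x} are non-zero")
    except ValueError as exc:
        findings.append(str(exc))
    return findings or ([] if seen else ["no moov/mvhd atom found"])

def sample(version, flags, body_len):
    """Constructed test file (not a real capture): ftyp + moov holding one mvhd."""
    body = bytes([version]) + flags.to_bytes(3, "big") + bytes(body_len - 4)
    mvhd = struct.pack(">I4s", 8 + len(body), b"mvhd") + body
    ftyp = struct.pack(">I4s4sI", 16, b"ftyp", b"qt  ", 0)
    return ftyp + struct.pack(">I4s", 8 + len(mvhd), b"moov") + mvhd
```

A file that produces any finding can be quarantined or rejected before it reaches the player; an empty result only means the header fields are well-formed, not that the file is trusted.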
|CREDIT||Andrea Micalizzi aka rgod|