Critical vulnerability in Apple QuickTime

A highly critical vulnerability (as dubbed by security researchers from Secunia) affects the latest version of Apple QuickTime Player for Windows.

“The vulnerability is caused due to a boundary error in QuickTimeStreaming.qtx when constructing a string to write to a debug log file,” says researcher Krystian Kloskowski. “This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into viewing a specially crafted web page that references a SMIL file containing an overly long URL.”

If the flaw is successfully exploited, arbitrary code can be executed by the attacker, and the system can be compromised.

So far, the vulnerability is confirmed to affect only the latest version of the software (7.6.6) for Windows, which was released on March 30th.

A response from Apple is still pending.