Description: | | A buffer overflow vulnerability exists in the way Apple QuickTime handles Real Time Streaming Protocol (RTSP) responses. The flaw is due to boundary error when parsing a crafted Content-Type header. A remote attacker can exploiting this vulnerability by enticing the target user to visit a malicious web site. Successful attack could allow for arbitrary code injection and execution with the privileges of the currently logged on user. In a attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the currently logged in user. In an attack case where code injection is not successful, the vulnerable QuickTime application may terminate abnormally. |