02 Jan 2007, Matt Chapman, V3
Apple's QuickTime software has been hit by a buffer overflow bug that could allow malicious code to be run on Windows and Mac PCs.
The vulnerability uses a specially crafted QTL file to cause a stack-based buffer overflow that allows the execution of arbitrary code.
The problem occurs when an 'src' parameter is created with more than 256 bytes.
"After successful exploitation, control over EIP is gained. This is a simple good-old stack smashing," said the first report of the problem at the Month of Apple Bugs website.
The vulnerability has been successfully exploited in QuickTime version 7.1.3, although previous versions are also expected to be vulnerable.
Security website Secunia warned that the only way for users to protect themselves against the attack is not to open untrusted QTL files.
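Since the only protection described is to avoid untrusted QTL files, a mail or download gateway can screen them for the condition the report names, a 'src' value longer than 256 bytes. The sketch below is an added example, not code from Apple, Secunia or the original report; it assumes a QTL file is a small XML document carrying a quoted `src` attribute, and the function names and sample files are constructed for illustration.

```python
import re

# Limit taken from the article: the overflow needs a 'src' value over 256 bytes.
MAX_SRC_BYTES = 256

# Quoted src attribute; a missing closing quote runs to end of file so a
# deliberately malformed file is still measured.
SRC_ATTR = re.compile(rb"""\bsrc\s*=\s*(["'])(.*?)(?:\1|\Z)""",
                      re.IGNORECASE | re.DOTALL)


def oversized_src_values(qtl_bytes, limit=MAX_SRC_BYTES):
    """Return (offset, length) for each src value longer than `limit` bytes."""
    return [(m.start(), len(m.group(2)))
            for m in SRC_ATTR.finditer(qtl_bytes)
            if len(m.group(2)) > limit]


def make_qtl(src_value):
    """Build a constructed sample QTL document around the given src value."""
    return (b'<?xml version="1.0"?>\n'
            b'<?quicktime type="application/x-quicktime-media-link"?>\n'
            b'<embed src="' + src_value + b'" />\n')


# Constructed samples (assumed layout, filler values only).
BENIGN = make_qtl(b"http://media.example.com/clip.mov")
AT_LIMIT = make_qtl(b"a" * 256)          # exactly 256 bytes: not flagged
OVER_LIMIT = make_qtl(b"a" * 300)        # more than 256 bytes: flagged
UNTERMINATED = b'<embed src="' + b"a" * 400   # no closing quote

if __name__ == "__main__":
    samples = [("benign", BENIGN), ("at-limit", AT_LIMIT),
               ("over-limit", OVER_LIMIT), ("unterminated", UNTERMINATED)]
    for name, sample in samples:
        hits = oversized_src_values(sample)
        print(f"{name:13} {'QUARANTINE' if hits else 'ok'} {hits}")
```

A length check like this is a coarse filter for one trigger condition; it does not replace updating the player once a fix is available.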