Apple QuickTime PICT File PnSize Buffer Overflow Exploit

The vulnerability exists within the way Quicktime handles the PnSize PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit value, this is later used as the size parameter for a memory copy function that copies from the file onto the stack. The results in a stack based buffer overflow that allows for remote code execution under the context of the current user.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2011-0257
Product Version: 
11.0
Released Date: 
Friday, August 19, 2011 - 00:00