Apple QuickTime PICT File PnSize Buffer Overflow Exploit

The vulnerability exists within the way Quicktime handles the PnSize PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit value, this is later used as the size parameter for a memory copy function that copies from the file onto the stack. The results in a stack based buffer overflow that allows for remote code execution under the context of the current user.
Exploit type: 
Vulnerabilty ID: 
Released Date: 
Thursday, August 18, 2011 - 19:00