The vulnerability exists within the QuickTimeVR.qtx component when processing a QTVRStringAtom having an overly large "stringLength" parameter. This can be exploited to cause a based buffer overflow and execute arbitrary code under the context of the user running the application. This update adds support for Internet Explorer 6 and 8 and bypass DEP. Also allows to send the mov file by email to open it directly with QuickTimePlayer.
Thursday, August 2, 2012 - 00:00