The vulnerability exists within the way Quicktime handles the PnSize
PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit
value, this is later used as the size parameter for a memory copy
function that copies from the file onto the stack. The results in a
stack based buffer overflow that allows for remote code execution under
the context of the current user.
PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit
value, this is later used as the size parameter for a memory copy
function that copies from the file onto the stack. The results in a
stack based buffer overflow that allows for remote code execution under
the context of the current user.
CVE Link
Exploit Type - Old
Exploits/Client Side
Exploit Platform
Exploit Type
Product Name