The vulnerability exists within the QuickTimeVR.qtx component when processing a QTVRStringAtom having an overly large "stringLength" parameter. This can be exploited to cause a based buffer overflow and execute arbitrary code under the context of the user running the application. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7 or 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
CVE Link
Exploit Platform
Exploit Type
Product Name