This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit an integer overflow vulnerability in Apple Quicktime which may result in remote code execution.
QuickTime Player is the media player distributed by Apple for QuickTime and other media files.
QuickTime is prone to a vulnerability that may aid in the remote compromise of a vulnerable computer.
The issue occurs when a Java-enabled browser is used to view a malicious website. QuickTime must also be installed. The problem stems from a vulnerability in QuickTime when handling malicious Java code.
Specifically, the vulnerability resides in the 'toQTPointer()' function of the QuickTime Java extensions (QTJava.dll). The application fails to properly validate certain parameters to the affected function, allowing attackers to write arbitrary values to memory.
Attackers may exploit this issue to execute arbitrary code in the context of a user running the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue is exploitable through both Safari and Mozilla Firefox running on Mac OS X. Reports indicate that Firefox on Windows platforms may also be an exploit vector.
Reports also indicate that Internet Explorer 6 and 7 running on Windows XP may be an exploit vector, but that a sandboxing feature may interfere with successful exploits. Neither of these points has been confirmed.
- Apple QuickTime Player 5.0.2, 6.1, 6.5, 6.5.1, 6.5.2, 7.0, 7.1, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5
Download and install all vendor patches related to this vulnerability.