CVE-2005-2756

Name of the Vulnerable Software and Affected Versions Apple QuickTime versions prior to 7.0.3

Description The issue allows user-assisted attackers to execute arbitrary code via a crafted PICT file, triggering an overflow during expansion. A remote overflow exists in QuickTime due to the Picture Viewer's failure to validate the size of compressed PICT data, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, leading to a loss of integrity.

Recommendations For Apple QuickTime versions prior to 7.0.3, update to version 7.0.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted PICT files to minimize the risk of exploitation. Restrict access to the Picture Viewer module to minimize the risk of arbitrary code execution until the issue is resolved.