PT-2006-2265 · Apple · QuickTime Player +1

Jeff Gennari · Published 2006-03-18 · Updated 2018-10-18 · CVE-2006-1249

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apple QuickTime Player versions 7.0.3 through 7.0.4
iTunes versions 6.0.1 through 6.0.2

Description

The issue is related to an integer overflow in the handling of FlashPix (FPX) images. This overflow can be triggered by a specially crafted FPX image that contains a field specifying a large number of blocks, allowing remote attackers to execute arbitrary code.

Recommendations

For Apple QuickTime Player versions 7.0.3 through 7.0.4, consider updating to a newer version to resolve the issue. For iTunes versions 6.0.1 through 6.0.2, consider updating to a newer version to resolve the issue. As a temporary workaround, consider avoiding the use of FlashPix (FPX) images in Apple QuickTime Player and iTunes until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2006-1249

Affected Products

QuickTime Player
iTunes