CVE-2011-3428

Name of the Vulnerable Software and Affected Versions: QuickTime versions prior to 7.7.1

Description: The issue is caused by a buffer overflow in the QuickTime multimedia package. Exploitation of this issue may allow a remote attacker to execute arbitrary code. The buffer overflow exists in QuickTime's handling of RLE encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems.

Recommendations: For versions prior to 7.7.1, update to version 7.7.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of RLE encoded movie files until a patch is available. Restrict access to maliciously crafted movie files to minimize the risk of exploitation.