CVE-2005-2753

Name of the Vulnerable Software and Affected Versions Apple QuickTime versions prior to 7.0.3

Description The issue allows user-assisted attackers to execute arbitrary code via a crafted MOV file. This is due to an integer overflow caused by the sign extension of the length element in a Pascal style string. A remote overflow exists in Quicktime, where the program fails to validate movie files, resulting in an integer overflow. With a specially crafted file containing an embedded "Pascal" style string, an attacker can cause a very large memory copy leading to remote code execution, resulting in a loss of integrity.

Recommendations For Apple QuickTime versions prior to 7.0.3, update to version 7.0.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted MOV files that contain "Pascal" style strings until a patch is applied. Restrict access to untrusted movie files to minimize the risk of exploitation.