Zero Day Initiative Advisory 11-257 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a frame within an H.264 encoded movie. When processing a particular set of flags of a structure, the application will use a length that is defined within the structure to copy data into a statically sized buffer on the stack. Due to the application failing to check the bounds of this length, the application will write outside the bounds of the buffer which can lead to code execution under the context of the application.
cdb1fff5d1189aa470f9941b86f7f44595f91c34c0571417c67f93bf2b3f6afb
Zero Day Initiative Advisory 11-255 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a frame within an H.264 encoded movie. When processing a particular set of flags of a structure, the application will use a length that is defined within the structure to copy data into a statically sized buffer on the stack. Due to the application failing to check the bounds of this length, the application will write outside the bounds of the buffer which can lead to code execution under the context of the application.
eb22a6085f298a0e2ddb2331f396d5648396388c8b27503cb5dcb3901124e6fa
Apple Security Advisory 2011-08-03-1 - QuickTime version 7.7 has been made available to address multiple code execution, cross-origin, integer overflow, memory corruption, and other vulnerabilities.
08c8a33c814803db93ff4136d87bacc64dfe68c5d11475ce6a6bccf0835835c9