Apple QuickTime ActiveX Component Buffer Overrun

CNET staff
Vulnerability

A SecurityFocus Online article discusses a QuickTime Buffer Overrun problem that could result in a security vulnerability:

"A vulnerability has been reported in the Apple Quicktime ActiveX component for Internet Explorer. The vulnerability is a buffer overrun condition that is due to inadequate bounds checking of supplied arguments. If the component is invoked with the "pluginspage" argument set to a string value that is of excessive length, the overrun will occur. This condition is reportedly exploitable and may result in attacker supplied instructions being run on affected client systems."

This vulnerability is eliminated in version 6 of the QuickTime ActiveX component, and SecurityFocus reports that an effective workaround for QuickTime 5 users is to set the "Kill-bit" for the ActiveX component. See Microsoft's instructions.
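
The kill-bit workaround described above, sketched in PowerShell as an added example (it is not taken from the article, SecurityFocus or Microsoft's instructions). It sets and audits the 0x400 bit of the "Compatibility Flags" value under Internet Explorer's ActiveX Compatibility key. The function names are hypothetical and the CLSID in the usage comment is a placeholder, because the article does not give the control's CLSID.

```powershell
# Added example: set and audit the Internet Explorer kill bit for one ActiveX control.
# Run from an elevated prompt. The CLSID in the usage line at the end is a PLACEHOLDER.
$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE from instantiating the control

function Get-CompatibilityKeyPaths {
    param([Parameter(Mandatory)][string]$Clsid)
    # 32-bit IE on 64-bit Windows reads the Wow6432Node view, so cover both views.
    $roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
    if ([Environment]::Is64BitOperatingSystem) {
        $roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    }
    $roots | ForEach-Object { "$_\$Clsid" }
}

function Test-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($path in Get-CompatibilityKeyPaths $Clsid) {
        $flags = (Get-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
        # A missing key or value means the control is not blocked in that view.
        [pscustomobject]@{
            Path   = $path
            Flags  = $flags
            Killed = [bool]($flags -band $KillBit)
        }
    }
}

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a CLSID in {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} form: $Clsid"
    }
    foreach ($path in Get-CompatibilityKeyPaths $Clsid) {
        if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
        $current = (Get-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        # OR the bit in so that other compatibility flags already present are preserved.
        $new = [int]$current -bor $KillBit
        Set-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' -Value $new -Type DWord
    }
    Test-KillBit $Clsid   # report the resulting state of both registry views
}

# Usage (placeholder CLSID, substitute the control's real CLSID):
# Set-KillBit '{00000000-0000-0000-0000-000000000000}'
```

`Test-KillBit` on its own is read-only, so it can be used to audit machines before or after the change.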