Apple QuickTime 7.6.6 and 7.6.8: Array-Indexing Vulnerability

Users of Apple QuickTime 7.6.6 and 7.6.8 please be advised of an Array-Indexing vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

Quicktime-SA-11/11/2010: QuickTime Sorenson Video 3 Array-Indexing Vulnerability
Affected Software

* Apple QuickTime 7.6.6 and 7.6.8

NOTE: Other versions may also be affected.

Description of Vulnerability

Secunia Research has discovered a vulnerability in QuickTime, which
can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused by an array-indexing error when parsing
Sorenson Video 3 content and can be exploited to corrupt memory during
decompression via a specially crafted file.

Successful exploitation may allow execution of arbitrary code.