<excerpt>When the data format field (offset 4 of the sample description table extension) is 'RVZA' (Apple Video), it is possible to trigger a sign extension vulnerability which leads to a buffer underflow</excerpt>. An attacker may overwrite crucial data such as function pointers, flags, heap structures and so forth. Doing so may allow an attacker to alter the normal control flow of the application and execute arbitrary code. A simple attack vector would be to lure the victim to browse to a web site controlled by the attacker, which serves a malicious QuickTime file that exploits this vulnerability.

-</p>

Make your website safer. Use external penetration testing service. First report ready in one hour!</p>

**Hidden Content: To see this hidden content your post count must be 1 or greater.**