Multiple vulnerabilities have been reported in Apple Quicktime, which can be exploited by malicious people to compromise a user's system.

For more information:
SA46339
SA46417

1) An integer overflow error when handling PICT files can be exploited via a specially crafted .pict file.

2) A signedness error when parsing font names embedded within an atom in RLE encoded samples can be exploited to cause a buffer overflow via a specially crafted movie file.

3) An error when handling FLC Delta Decompression blocks in FLIC files can be exploited to cause a buffer overflow via a specially crafted file.

4) An integer overflow error when processing the Coding Style Default (COD) marker segment can be exploited to cause a buffer overflow via a specially crafted JPEG2000 file.

5) An error when handling TKHD atoms within QuickTime movie files can be exploited to cause a buffer underflow via a specially crafted movie file.

Note: The vulnerabilities #1 and #5 do not affect Mac OS X versions.

Solution
Update to version 7.7.1.
Further details available in Customer Area

Provided and/or discovered by
1, 2, 4) Luigi Auriemma via ZDI.
3) Matt 'j00ru' Jurczyk via ZDI.
4) An anonymous person via ZDI.
5) Damian Put via ZDI.

Changelog
Further details available in Customer Area

Original Advisory
Apple:
http://support.apple.com/kb/HT5016

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-11-314/
http://www.zerodayinitiative.com/advisories/ZDI-11-315/
http://www.zerodayinitiative.com/advisories/ZDI-11-316/
http://www.zerodayinitiative.com/advisories/ZDI-11-340/
http://www.zerodayinitiative.com/advisories/ZDI-12-004/
http://www.zerodayinitiative.com/advisories/ZDI-12-005/

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area