QuickDraw is integrated in Mac OS X since very early versions, used by Quicktime and any other application that needs to handle PICT images. A vulnerability exists in the handling of ARGB records (Alpha RGB) within PICT images, that leads to an exploitable memory corruption condition (ex. denial of service, so-called crash, which can be used to gain root privileges in combination with MOAB-22-01-2007).
For further information:
- Apple QuickDraw GetSrcBits32ARGB() Memory Corruption Vulnerability
- Proof of concept: MOAB-23-01-2007.pct