Quicktime (for Windows) < 7.7.5 Multiple Vulnerabilities
PVS ID: 8139 FAMILY: Web Clients RISK: MEDIUM NESSUS ID:Not Available
Description: Synopsis :\n\nThe version of QuickTime on the remote Windows machine is affected by multiple code execution vulnerabilities.\n\nVersions older than Quicktime 7.7.5 contain the following vulnerabilities:\n\n - An uninitialized pointer issue when handling track lists (CVE-2014-1243), which can be leveraged by an attacker to execute arbitrary code or application termination\n\n - Multiple buffer overflow vulnerabilities, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1244, 2014-1246, CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)\n\n - Multiple out-of-bounds byte swapping issues, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1250, CVE-2013-1032)\n\n - A signedness issue in the handling of 'stsz' atoms, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1245)\n\n - A memory corruption issue when handling the 'dref' atoms, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1247)\n\nFor your information, the observed version of Quicktime was: \n%L

Solution: Upgrade to version 7.7.5 or higher.

CVE-2014-1251


Copyright Tenable Network Security Inc. 2014