The remote Windows host contains an application that may be affected
by multiple vulnerabilities.
The version of QuickTime installed on the remote Windows host is
earlier than 7.7.5. It is, therefore, reportedly affected by the
following vulnerabilities :
- Out-of-bounds byte swapping issues exist in the
handling of QuickTime image descriptions and 'ttfo'
elements. (CVE-2013-1032, CVE-2014-1250)
- An uninitialized pointer issue exists in the handling of
track lists. (CVE-2014-1243)
- Buffer overflow vulnerabilities exist in the handling of
H.264 encoded movie files, 'ftab' atoms, 'ldat' atoms,
PSD images, and 'clef' atoms. (CVE-2014-1244,
CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)
- A signedness issue exists in the handling of 'stsz'
- A memory corruption issue exists in the handling of
'dref' atoms. (CVE-2014-1247)
Successful exploitation of these issues could result in program
termination or arbitrary code execution, subject to the user's
See also :
Upgrade to QuickTime 7.7.5 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false