QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains an application that may be affected
by multiple vulnerabilities.

Description :

The version of QuickTime installed on the remote Windows host is
earlier than 7.7.5. It is, therefore, reportedly affected by the
following vulnerabilities :

- Out-of-bounds byte swapping issues exist in the
handling of QuickTime image descriptions and 'ttfo'
elements. (CVE-2013-1032, CVE-2014-1250)

- An uninitialized pointer issue exists in the handling of
track lists. (CVE-2014-1243)

- Buffer overflow vulnerabilities exist in the handling of
H.264 encoded movie files, 'ftab' atoms, 'ldat' atoms,
PSD images, and 'clef' atoms. (CVE-2014-1244,
CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)

- A signedness issue exists in the handling of 'stsz'
atoms. (CVE-2014-1245)

- A memory corruption issue exists in the handling of
'dref' atoms. (CVE-2014-1247)

Successful exploitation of these issues could result in program
termination or arbitrary code execution, subject to the user's

See also :


Solution :

Upgrade to QuickTime 7.7.5 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial