Quicktime < 7.0.1 Quartz Composer Information Disclosure (Mac OS X)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by an information
disclosure vulnerability.

Description :

The remote Mac OS X host is running a version of QuickTime 7 that is
older than QuickTime 7.0.1. This version is vulnerable to an
information disclosure flaw in its handling of Quartz Composer files,
which may leak data to an arbitrary web location.

To exploit this flaw, an attacker would need to lure a user on the
remote host into viewing a specially crafted Quartz Composer object.

See also :

http://lists.apple.com/archives/security-announce/2005/May/msg00006.html
http://www.securityfocus.com/advisories/8642

Solution :

Install QuickTime 7.0.1.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 18521 (macosx_Quicktime701.nasl)

Bugtraq ID: 13603

CVE ID: CVE-2005-1579