Quicktime < 7.0.1 Quartz Composer Information Disclosure (Mac OS X)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by an information
disclosure vulnerability.

Description :

The remote Mac OS X host is running a version of Quicktime 7 which is
older than Quicktime 7.0.1. The remote version of this software is
vulnerable to an information disclosure flaw when handling Quartz
Composer files which may leak data to an arbitrary web location.

To exploit this flaw, an attacker would need to lure a user on the
remote host into viewing a specially crafted Quartz Composer object.

See also :

http://lists.apple.com/archives/security-announce/2005/May/msg00006.html
http://www.securityfocus.com/advisories/8642

Solution :

Install Quicktime 7.0.1

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 18521 (macosx_Quicktime701.nasl)

Bugtraq ID: 13603

CVE ID: CVE-2005-1579

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial