Quicktime < 7.0.3 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote version of QuickTime may allow an attacker to execute arbitrary
code on the remote host.

Description :

The remote Mac OS X host is running a version of Quicktime 7 which is older
than Quicktime 7.0.3.

The remote version of this software is vulnerable to various buffer overflows
which may allow an attacker to execute arbitrary code on the remote host by
sending a malformed file to a victim and have him open it using QuickTime
player.

See also :

http://www.nessus.org/u?49086446

Solution :

Install Quicktime 7.0.3 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 20135 (macosx_Quicktime703.nasl)

Bugtraq ID: 15306
15307
15308
15309

CVE ID: CVE-2005-2753
CVE-2005-2754
CVE-2005-2755
CVE-2005-2756