Quicktime < 7.1.3 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote version of QuickTime is affected by multiple overflow
vulnerabilities.

Description :

The remote Mac OS X host is running a version of Quicktime prior to
7.1.3.

The remote version of Quicktime is vulnerable to various integer and
buffer overflows involving specially crafted image and media files.
An attacker may be able to leverage these issues to execute arbitrary
code on the remote host by sending a malformed file to a victim and
having him open it using QuickTime player.

See also :

http://www.nessus.org/u?8e07f29f

Solution :

Upgrade to Quicktime version 7.1.3 or later.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.0
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 22335 (macosx_Quicktime713.nasl)

Bugtraq ID: 19976

CVE ID: CVE-2006-4381
CVE-2006-4382
CVE-2006-4384
CVE-2006-4385
CVE-2006-4386
CVE-2006-4388
CVE-2006-4389