icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Quicktime Multiple Integer Overflows

High

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running an older version of Quicktime player for Microsoft Windows. This version is vulnerable to a remote overflow. A remote attacker exploiting this flaw would need to create a malicious Quicktime file and entice the user to play it. A successful exploit would allow the attacker to execute random code within the context of the local machine. Additionally, there is a similar flaw within the Quicktime library that displays JPEG files. An attacker exploiting this second flaw would need to be able to convince a user into viewing a malicious JPEG file within the Quicktime viewer. Successful exploitation would result in arbitrary code being executed on the victim system.

Solution

Upgrade or patch according to vendor recommendations.