icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

QuickTime < 7.5 Multiple Vulnerabilities

Medium

Synopsis

The remote Mac OS X host contains an application that is affected by multiple vulnerabilities.

Description

The version of QuickTime installed on the remote Mac OS X host is older than 7.5. Such versions contain several vulnerabilities :

- There is a heap buffer overflow in QuickTime's handling of PICT image files that could result in a program crash or arbitrary code execution (CVE-2008-1583). - There is a memory corruption issue in QuickTime's handling of AAC-encoded media content that could result in a program crash or arbitrary code execution (CVE-2008-1582). - There is a stack buffer overflow in QuickTime's handling of Indeo video codec content that could result in a program crash or arbitrary code execution (CVE-2008-1584). - There is a URL handling issue in QuickTime's handling of 'file:' URLs that may allow launching of arbitrary applications (CVE-2008-1585).

Solution

Either use QuickTime's Software Update preference to upgrade to the latest version or manually upgrade to QuickTime 7.5 or later.