Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Quicktime (for Windows) < 7.7.5 Multiple Vulnerabilities (deprecated)

Medium

Synopsis

The version of QuickTime on the remote Windows machine is affected by multiple code execution vulnerabilities.

Description

Versions older than Quicktime 7.7.5 contain the following vulnerabilities:

- An uninitialized pointer issue when handling track lists, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1243)

- Multiple buffer overflow vulnerabilities, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1244, 2014-1246, CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)

- Multiple out-of-bounds byte swapping issues, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1250, CVE-2013-1032)

- A signedness issue in the handling of 'stsz' atoms, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1245)

- A memory corruption issue when handling the 'dref' atoms, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1247)

Solution

Upgrade to version 7.7.5 or higher.