Quicktime (for Windows) < 7.7.5 Multiple Vulnerabilities

Medium

Synopsis

The version of QuickTime on the remote Windows machine is affected by multiple code execution vulnerabilities.

Description

Versions older than Quicktime 7.7.5 contain the following vulnerabilities:

- An uninitialized pointer issue when handling track lists, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1243)

- Multiple buffer overflow vulnerabilities, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1244, 2014-1246, CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)

- Multiple out-of-bounds byte swapping issues, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1250, CVE-2013-1032)

- A signedness issue in the handling of 'stsz' atoms, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1245)

- A memory corruption issue when handling the 'dref' atoms, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1247)

Solution

Upgrade to version 7.7.5 or higher.