icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons

Quicktime (for Windows) < 7.7.5 Multiple Vulnerabilities

Medium

Synopsis

The version of QuickTime on the remote Windows machine is affected by multiple code execution vulnerabilities.

Description

Versions older than Quicktime 7.7.5 contain the following vulnerabilities:

- An uninitialized pointer issue when handling track lists, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1243)

- Multiple buffer overflow vulnerabilities, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1244, 2014-1246, CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)

- Multiple out-of-bounds byte swapping issues, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1250, CVE-2013-1032)

- A signedness issue in the handling of 'stsz' atoms, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1245)

- A memory corruption issue when handling the 'dref' atoms, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1247)

Solution

Upgrade to version 7.7.5 or higher.