http://support.apple.com/kb/HT6443

69907

1030868

macosx-cve20141391-code-exec(96049)

https://support.apple.com/kb/HT6493

The version of Apple QuickTime installed on the remote Windows host is prior to 7.7.6. It is, therefore, affected by the following vulnerabilities :

  - A memory corruption flaw exists when handling specially     crafted RLE encoded videos due to user-supplied input     not being properly sanitized. (CVE-2014-1391)

  - A buffer overflow flaw exists when parsing specially     crafted MIDI files due to user-supplied input not being     properly validated. (CVE-2014-4350)

  - A buffer overflow flaw exists when parsing specially     crafted M4A files due to user-supplied input not being     properly validated. (CVE-2014-4351)

  - A memory corruption flaw exists in the mvhd atom when     handling malformed version numbers and flags due to not     properly sanitizing user-supplied input. (CVE-2014-4979)

Successful exploitation of these issues by a remote attacker can result in program termination or arbitrary code execution, subject to the user's privileges.

The remote host is running a version of Mac OS X that is older than 10.9.5, and is thus missing security-related fixes for the following components:

  - Bluetooth
  - CoreGraphics
  - Foundation
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Intel Graphics Driver
  - Kernel
  - Libnotify
  - OpenSSL
  - QT Media Foundation
  - apache_mod_php
  - ruby

Note that successful exploitation of the most serious issues could result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-004 applied. This update contains several security-related fixes for the following components :

  - CoreGraphics
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Libnotify
  - OpenSSL
  - QT Media Foundation

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.9.x that is prior to version 10.9.5. This update contains several security-related fixes for the following components :

  - apache_mod_php
  - Bluetooth
  - CoreGraphics
  - Foundation
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - Libnotify
  - OpenSSL
  - QT Media Foundation
  - ruby

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Severity
78678	QuickTime < 7.7.6 Multiple Vulnerabilities (Windows)	Nessus	Windows	high
8394	Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004)	Nessus Network Monitor	Web Clients	critical
77749	Mac OS X Multiple Vulnerabilities (Security Update 2014-004)	Nessus	MacOS X Local Security Checks	critical
77748	Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical

CVE-2014-1391

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

high

critical

critical

critical