Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

QuickTime < 7.5 Multiple Vulnerabilities

High

Synopsis

The remote Mac OS X host contains an application that is affected by multiple vulnerabilities.

Description

The version of QuickTime installed on the remote Mac OS X host is older than 7.5. Such versions contain several vulnerabilities :

- There is a heap buffer overflow in QuickTime's handling of PICT image files that could result in a program crash or arbitrary code execution (CVE-2008-1583). - There is a memory corruption issue in QuickTime's handling of AAC-encoded media content that could result in a program crash or arbitrary code execution (CVE-2008-1582). - There is a stack buffer overflow in QuickTime's handling of Indeo video codec content that could result in a program crash or arbitrary code execution (CVE-2008-1584). - There is a URL handling issue in QuickTime's handling of 'file:' URLs that may allow launching of arbitrary applications (CVE-2008-1585).

Solution

Either use QuickTime's Software Update preference to upgrade to the latest version or manually upgrade to QuickTime 7.5 or later.