Detections
Analytics

Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801197

Synopsis

The remote version of QuickTime is affected by multiple overflow vulnerabilities.

Description

The remote Mac OS X host is running a version of Quicktime prior to 7.1. The remote version of Quicktime is vulnerable to various integer and buffer overflows involving specially-crafted image and media files. An attacker may be able to leverage these issues to execute arbitrary code on the remote host by sending a malformed file to a victim and having it opened using QuickTime player.

Solution

Install version 7.1 or higher.

See Also

lists.grok.org.uk/pipermail/full-disclosure/2006-May/045979.html

lists.grok.org.uk/pipermail/full-disclosure/2006-May/045981.html

docs.info.apple.com/article.html?artnum=303752

Plugin Details

Severity: High

ID: 801197

Family: Web Clients

Nessus ID: 21554

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Reference Information

CVE: CVE-2005-2337, CVE-2005-2628, CVE-2005-4077, CVE-2006-0024, CVE-2006-1249, CVE-2006-1439, CVE-2006-1440, CVE-2006-1441, CVE-2006-1442, CVE-2006-1443, CVE-2006-1444, CVE-2006-1445, CVE-2006-1446, CVE-2006-1447, CVE-2006-1448, CVE-2006-1449, CVE-2006-1450, CVE-2006-1451, CVE-2006-1452, CVE-2006-1453, CVE-2006-1454, CVE-2006-1455, CVE-2006-1456, CVE-2006-1457, CVE-2006-1458, CVE-2006-1459, CVE-2006-1460, CVE-2006-1461, CVE-2006-1462, CVE-2006-1463, CVE-2006-1464, CVE-2006-1465, CVE-2006-1552, CVE-2006-1614, CVE-2006-1615, CVE-2006-1630, CVE-2006-1982, CVE-2006-1983, CVE-2006-1984, CVE-2006-1985, CVE-2006-2238

BID: 17951, 17953, 17074