QuickTime < 6.5.1 .mov File sample-to-chunk Table Data Handling Overflow (Windows)

This script is Copyright (C) 2004-2011 Jeff Adams


Synopsis :

The remote Windows host has a media player installed that is affected
by a remote code execution vulnerability.

Description :

The remote host is using QuickTime, a popular media player/Plug-in
that handles many Media files.

This version has a Heap overflow that could allow an attacker
to execute arbitrary code on this host, with the rights of the user
running QuickTime.

See also :

http://eeye.com/html/Research/Advisories/AD20040502.html

Solution :

Upgrade to QuickTime version 6.5.1 or higher.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 12226 ()

Bugtraq ID: 10257

CVE ID: CVE-2004-0431

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now