QuickTime < 6.5.2 PictureViewer Malformed JPEG Overflow (Windows)

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

Arbitrary code may be run on the remote host.

Description :

The remote host is using QuickTime, a popular media player/Plug-in
that handles many Media files.

The remote version of this software contains a buffer overflow vulnerability
in its PictureViewer that could allow an attacker to execute arbitrary code
on the remote host.

To exploit this vulnerability, an attacker needs to send a malformed image
file to a victim on the remote host and wait for it to be opened using
QuickTime PictureViewer

Solution :

Upgrade to QuickTime version 6.5.2 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.4
(CVSS2#E:U/RL:U/RC:ND)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 17637 ()

Bugtraq ID: 12905

CVE ID: CVE-2005-0903

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now