Quicktime < 7.0.1 Quartz Composer Information Disclosure (Mac OS X)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.

Synopsis :

The remote host has an application that is affected by an information
disclosure vulnerability.

Description :

The remote Mac OS X host is running a version of Quicktime 7 which is
older than Quicktime 7.0.1. The remote version of this software is
vulnerable to an information disclosure flaw when handling Quartz
Composer files which may leak data to an arbitrary web location.

To exploit this flaw, an attacker would need to lure a user on the
remote host into viewing a specially crafted Quartz Composer object.

See also :


Solution :

Install Quicktime 7.0.1

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 18521 (macosx_Quicktime701.nasl)

Bugtraq ID: 13603

CVE ID: CVE-2005-1579

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now