QuickTime < 7.0.4 Multiple Vulnerabilities (Windows)

This script is Copyright (C) 2006-2017 Tenable Network Security, Inc.


Synopsis :

The remote version of QuickTime is affected by multiple code execution
vulnerabilities.

Description :

The remote Windows host is running a version of QuickTime prior to
7.0.4.

The remote version of QuickTime is vulnerable to various buffer
overflows involving specially crafted image and media files. An
attacker may be able to leverage these issues to execute arbitrary
code on the remote host by sending a malformed file to a victim and
have him open it using QuickTime player.

See also :

http://www.nessus.org/u?9d477727
http://seclists.org/fulldisclosure/2006/Jan/397
http://seclists.org/fulldisclosure/2006/Jan/401
http://seclists.org/fulldisclosure/2006/Jan/403
http://seclists.org/fulldisclosure/2006/Jan/405
http://seclists.org/fulldisclosure/2006/Jan/406
http://lists.apple.com/archives/security-announce/2006/Jan/msg00001.html
http://docs.info.apple.com/article.html?artnum=303101

Solution :

Upgrade to QuickTime version 7.0.4 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now