FreeBSD : win32-codecs -- multiple vulnerabilities (24f6b1eb-43d5-11db-81e1-000e0c2e438a)

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Apple Security Team reports that there are multiple
vulnerabilities within QuickTime (one of the plugins for
win32-codecs). A remote attacker capable of creating a malicious SGI
image, FlashPix, FLC movie, or a QuickTime movie can possibly lead to
execution of arbitrary code or cause a Denial of Service (application
crash).

Users who have QuickTime (/win32-codecs) as a browser plugin may be
vulnerable to remote code execution by visiting a website containing a
malicious SGI image, FlashPix, FLC movie or a QuickTime movie.

See also :

http://docs.info.apple.com/article.html?artnum=304357
http://www.nessus.org/u?84da1860

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22885 (freebsd_pkg_24f6b1eb43d511db81e1000e0c2e438a.nasl)

Bugtraq ID: 20138

CVE ID: CVE-2006-4381
CVE-2006-4382
CVE-2006-4384
CVE-2006-4385
CVE-2006-4386
CVE-2006-4388
CVE-2006-4389

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now