QuickTime < 7.4.5 Multiple Vulnerabilities (Mac OS X)

high Nessus Plugin ID 31736

Synopsis

The remote Mac OS X host contains an application that is affected by multiple vulnerabilities.

Description

The version of QuickTime installed on the remote Mac OS X host is older than 7.4.5. Such versions contain several vulnerabilities:

- Untrusted Java applets may obtain elevated privileges (CVE-2008-1013).

- Downloading a movie file may lead to information disclosure (CVE-2008-1014).

- Viewing a specially crafted movie file may lead to a program crash or arbitrary code execution (CVE-2008-1015, CVE-2008-1016, CVE-2008-1017, CVE-2008-1018, CVE-2008-1021, CVE-2008-1022).

- Opening a specially crafted PICT image file may lead to a program crash or arbitrary code execution (CVE-2008-1019, CVE-2008-1020, CVE-2008-1023).

Solution

Either use QuickTime's Software Update preference to upgrade to the latest version or manually upgrade to QuickTime 7.4.5 or later.

See Also

http://support.apple.com/kb/HT1241

http://www.nessus.org/u?c815ff7d

Plugin Details

Severity: High

ID: 31736

File Name: macosx_Quicktime745.nasl

Version: 1.14

Type: local

Agent: macosx

Published: 4/3/2008

Updated: 9/17/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Required KB Items: MacOSX/QuickTime/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/2/2008

Reference Information

CVE: CVE-2008-1013, CVE-2008-1014, CVE-2008-1015, CVE-2008-1016, CVE-2008-1017, CVE-2008-1018, CVE-2008-1019, CVE-2008-1020, CVE-2008-1021, CVE-2008-1022, CVE-2008-1023

BID: 28583

CWE: 119, 20, 200, 94

Secunia: 29650