QuickTime < 7.6.4 Multiple Vulnerabilities (Mac OS X)

high Nessus Plugin ID 40928

Synopsis

The remote Mac OS X host contains an application that is affected by multiple vulnerabilities.

Description

The version of QuickTime installed on the remote Mac OS X host is older than 7.6.4. Such versions contain several vulnerabilities :

- A memory corruption issue in QuickTime's handling of H.264 movie files may lead to an application crash or arbitrary code execution. (CVE-2009-2202)

- A buffer overflow in QuickTime's handling of MPEG-4 video files may lead to an application crash or arbitrary code execution. (CVE-2009-2203)

- A heap buffer overflow in QuickTime's handling of FlashPix files may lead to an application crash or arbitrary code execution. (CVE-2009-2798)

- A heap buffer overflow in QuickTime's handling of H.264 movie files may lead to an application crash or arbitrary code execution. (CVE-2009-2799)

Solution

Upgrade to QuickTime 7.6.4 or later.

See Also

http://support.apple.com/kb/HT3859

http://lists.apple.com/archives/security-announce/2009/Sep/msg00002.html

Plugin Details

Severity: High

ID: 40928

File Name: macosx_Quicktime764.nasl

Version: 1.11

Type: local

Agent: macosx

Published: 9/10/2009

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Required KB Items: MacOSX/QuickTime/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/9/2009

Reference Information

CVE: CVE-2009-2202, CVE-2009-2203, CVE-2009-2798, CVE-2009-2799

BID: 36328

CWE: 119