This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote Windows host contains an application that is affected by
The version of QuickTime installed on the remote Windows host is
older than 7.6.8. Such versions are reportedly affected by two
- An input validation issue in the QTPlugin.ocx ActiveX
  control could allow an attacker to force the application
  to jump to a location in memory controlled by the
  attacker through the optional '_Marshaled_pUnk'
  parameter and in turn to execute remote code under the
  context of the user running the web browser.

- QuickTime Picture Viewer uses a fixed path to look for
  specific files or libraries, such as 'cfnetwork.dll'
  and 'corefoundation.dll', and this path includes
  directories that may not be trusted or under user
  control. If an attacker places a maliciously crafted
  DLL in the same directory as an image file, opening
  the image file with QuickTime Picture Viewer will cause
  the malicious DLL to be loaded. (CVE-2010-1819)
Upgrade to QuickTime 7.6.8 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true