Apple QuickTime < 7.7.9 Multiple RCE (Windows)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that is affected by
multiple remote code execution vulnerabilities.

Description :

The version of Apple QuickTime installed on the remote Windows host is
prior to 7.7.9. It is, therefore, affected by multiple remote code
execution vulnerabilities due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit these, via a
crafted movie file, to execute arbitrary code or cause a denial of
service through memory corruption.

See also :

https://support.apple.com/en-us/HT205638

Solution :

Upgrade to Apple QuickTime version 7.7.9 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now