Apple QuickTime Unsupported on Windows

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

Apple QuickTime is installed on the remote Windows host.

Description :

Apple no longer supports any version of QuickTime on Windows.

Lack of support implies that no new security patches for the product
will be released by the vendor. As a result, it is likely to contain
security vulnerabilities.

Note that the last version of QuickTime released for Windows had known
vulnerabilities related to processing atom indexes. A remote attacker
can exploit these, by convincing a user to view a malicious website
or open a crafted file, to cause heap corruption within QuickTime,
resulting in the execution of arbitrary code in the context of the
user or process running QuickTime.

See also :

https://support.apple.com/HT205771
http://www.zerodayinitiative.com/advisories/ZDI-16-242/
http://www.zerodayinitiative.com/advisories/ZDI-16-241/
https://www.us-cert.gov/ncas/alerts/TA16-105A

Solution :

Uninstall Apple QuickTime.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Windows

Nessus Plugin ID: 90544 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now