Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities

High Log Correlation Engine Plugin ID 801197

Synopsis

The remote version of QuickTime is affected by multiple overflow vulnerabilities.

Description

The remote Mac OS X host is running a version of Quicktime prior to 7.1. The remote version of Quicktime is vulnerable to various integer and buffer overflows involving specially-crafted image and media files. An attacker may be able to leverage these issues to execute arbitrary code on the remote host by sending a malformed file to a victim and having it opened using QuickTime player.

Solution

Install version 7.1 or higher.

See Also

lists.grok.org.uk/pipermail/full-disclosure/2006-May/045979.html

lists.grok.org.uk/pipermail/full-disclosure/2006-May/045981.html

docs.info.apple.com/article.html?artnum=303752