Quicktime < 6.5.2

Medium Nessus Plugin ID 15573


The remote host is missing a Mac OS X update that fixes a security issue.


The remote Mac OS X host is running a version of QuickTime that is older than QuickTime 6.5.2.

The remote version of this software reportedly fails to check bounds properly when decoding BMP images, leading to a heap overflow.

If a remote attacker can trick a user into opening a maliciously crafted BMP file using the affected application, this issue could be leveraged to execute arbitrary code on the affected host.


Upgrade to QuickTime 6.5.2 or later.


Plugin Details

Severity: Medium

ID: 15573

File Name: macosx_Quicktime652.nasl

Version: 1.22

Type: local

Agent: macosx

Published: 2004/10/27

Modified: 2017/05/30

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Required KB Items: Host/MacOSX/packages

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2004/10/27

Vulnerability Publication Date: 2004/10/27

Reference Information

CVE: CVE-2004-0926

BID: 11322

OSVDB: 10501

Secunia: 13005