QuickTime < 7.1.6 quicktime.util.QTHandleRef toQTPointer Method Arbitrary Code Execution (Windows)
High Nessus Plugin ID 25123
SynopsisThe remote Windows host contains an application that is prone to multiple attacks.
DescriptionAccording to its version, the installation of QuickTime on the remote Windows host contains a bug that might allow a rogue Java program to write anywhere in the heap.
An attacker may be able to leverage this issue to execute arbitrary code on the remote host by luring a victim into visiting a rogue page containing a malicious Java applet.
SolutionUpgrade to QuickTime version 7.1.6 or later.