Quicktime Multiple Vulnerabilities (Mac OS X 7.1.6 Security Update)

High Nessus Plugin ID 25346


The remote Mac OS X host contains an application that is prone to multiple attacks.


According to its version, the installation of Quicktime on the remote Mac OS X host contains a bug which might allow a rogue Java program to write anywhere in the heap.

An attacker may be able to leverage these issues to execute arbitrary code on the remote host by luring a victim into visiting a rogue page containing a malicious Java applet.


Install the Quicktime 7.1.6 Security Update.



Plugin Details

Severity: High

ID: 25346

File Name: macosx_Quicktime716_SecUpd.nasl

Version: $Revision: 1.12 $

Type: local

Agent: macosx

Published: 2007/05/30

Modified: 2013/03/04

Dependencies: 15573

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Required KB Items: MacOSX/QuickTime/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2007/05/19

Vulnerability Publication Date: 2007/05/29

Reference Information

CVE: CVE-2007-2388, CVE-2007-2389

BID: 24221, 24222

OSVDB: 35575, 35576

CWE: 264