QuickTime < 7.4.5 Multiple Vulnerabilities (Windows)
High Nessus Plugin ID 31735
SynopsisThe remote Windows host contains an application that is affected by multiple vulnerabilities.
DescriptionThe version of QuickTime installed on the remote Windows host is older than 7.4.5. Such versions contain several vulnerabilities :
- Untrusted Java applets may obtain elevated privileges (CVE-2008-1013).
- Downloading a movie file may lead to information disclosure (CVE-2008-1014).
- Viewing a specially crafted movie file may lead to a program crash or arbitrary code execution (CVE-2008-1015, CVE-2008-1016, CVE-2008-1017, CVE-2008-1018, CVE-2008-1021, CVE-2008-1022).
- Opening a specially crafted PICT image file may lead to a program crash or arbitrary code execution (CVE-2008-1019, CVE-2008-1020, CVE-2008-1023).
SolutionEither use QuickTime's Software Update preference to upgrade to the latest version or manually upgrade to QuickTime 7.4.5 or later.