QuickTime < 7.6.2 Multiple Vulnerabilities (Mac OS X)

high Nessus Plugin ID 38989

Synopsis

The remote Mac OS X host contains an application that is affected by multiple vulnerabilities.

Description

The version of QuickTime installed on the remote Mac OS X host is older than 7.6.2. Such versions contain several vulnerabilities :

- A heap buffer overflow in QuickTime's handling of MS ADPCM encoded audio data may lead to an application crash or arbitrary code execution. (CVE-2009-0185)

- A memory corruption issue in QuickTime's handling of Sorenson 3 video files may lead to an application crash or arbitrary code execution. (CVE-2009-0188)

- A heap buffer overflow in QuickTime's handling of FLC compression files may lead to an application crash or arbitrary code execution. (CVE-2009-0951)

- A buffer overflow in QuickTime's handling of compressed PSD image files may lead to an application crash or arbitrary code execution. (CVE-2009-0952)

- A heap buffer overflow in QuickTime's handling of PICT image files may lead to an application crash or arbitrary code execution. (CVE-2009-0953)

- A sign extension issue in QuickTime's handling of image description atoms in an Apple video file may lead to an application crash or arbitrary code execution. (CVE-2009-0955)

- An uninitialized memory access issue in QuickTime's handling of movie files may lead to an application crash or arbitrary code execution. (CVE-2009-0956)

- A heap buffer overflow in QuickTime's handling of JP2 image files may lead to an application crash or arbitrary code execution. (CVE-2009-0957)

Solution

Upgrade to QuickTime 7.6.2 or later.

See Also

http://support.apple.com/kb/HT3591

http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html

Plugin Details

Severity: High

ID: 38989

File Name: macosx_Quicktime762.nasl

Version: 1.17

Type: local

Agent: macosx

Published: 6/2/2009

Updated: 7/16/2018

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Required KB Items: MacOSX/QuickTime/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/1/2009

Reference Information

CVE: CVE-2009-0185, CVE-2009-0188, CVE-2009-0951, CVE-2009-0952, CVE-2009-0953, CVE-2009-0955, CVE-2009-0956, CVE-2009-0957

BID: 35159, 35161, 35162, 35163, 35164, 35165, 35166, 35167, 35168

CWE: 94, 119, 399