QuickTime < 7.6.7 QuickTimeStreaming.qtx SMIL File Debug Logging Overflow (Windows)

High Nessus Plugin ID 48323


The remote Windows host contains an application that is affected by a stack overflow vulnerability.


The version of QuickTime installed on the remote Windows host is older than 7.6.7. Such versions are affected by a stack overflow in the application's error logging.

If an attacker can trick a user on the host into viewing a specially crafted movie file, an application crash could be forced or arbitrary code could be executed subject to the user's privileges.


Upgrade to QuickTime 7.6.7 or later.

See Also



Plugin Details

Severity: High

ID: 48323

File Name: quicktime_767.nasl

Version: $Revision: 1.9 $

Type: local

Agent: windows

Family: Windows

Published: 2010/08/13

Modified: 2016/11/23

Dependencies: 21561

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Required KB Items: SMB/QuickTime/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/08/12

Vulnerability Publication Date: 2010/07/26

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow)

Reference Information

CVE: CVE-2010-1799

BID: 41962

OSVDB: 66636

Secunia: 40729