Synopsis
The remote Windows host contains an application that may be affected by multiple vulnerabilities.
Description
The version of QuickTime installed on the remote Windows host is earlier than 7.7.5. It is, therefore, reportedly affected by the following vulnerabilities:
- Out-of-bounds byte swapping issues exist in the handling of QuickTime image descriptions and 'ttfo' elements. (CVE-2013-1032, CVE-2014-1250)
- An uninitialized pointer issue exists in the handling of track lists. (CVE-2014-1243)
- Buffer overflow vulnerabilities exist in the handling of H.264 encoded movie files, 'ftab' atoms, 'ldat' atoms, PSD images, and 'clef' atoms. (CVE-2014-1244, CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)
- A signedness issue exists in the handling of 'stsz' atoms. (CVE-2014-1245)
- A memory corruption issue exists in the handling of 'dref' atoms. (CVE-2014-1247)
Successful exploitation of these issues could result in program termination or arbitrary code execution, subject to the user's privileges.
Solution
Upgrade to QuickTime 7.7.5 or later.
File Name: quicktime_775.nasl
Supported Sensors: Nessus Agent
Temporal Vector: E:U/RL:OF/RC:C
Required KB Items: SMB/QuickTime/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 2/25/2014
Vulnerability Publication Date: 9/13/2013
CVE: CVE-2013-1032, CVE-2014-1243, CVE-2014-1244, CVE-2014-1245, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1251
BID: 62375, 65777, 65784, 65786, 65787