QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)
High Nessus Plugin ID 72706
Synopsis
The remote Windows host contains an application that may be affected by multiple vulnerabilities.
Description
The version of QuickTime installed on the remote Windows host is earlier than 7.7.5. It is, therefore, reportedly affected by the following vulnerabilities:
- Out-of-bounds byte swapping issues exist in the handling of QuickTime image descriptions and 'ttfo' elements. (CVE-2013-1032, CVE-2014-1250)
- An uninitialized pointer issue exists in the handling of track lists. (CVE-2014-1243)
- Buffer overflow vulnerabilities exist in the handling of H.264 encoded movie files, 'ftab' atoms, 'ldat' atoms, PSD images, and 'clef' atoms. (CVE-2014-1244, CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)
- A signedness issue exists in the handling of 'stsz' atoms. (CVE-2014-1245)
- A memory corruption issue exists in the handling of 'dref' atoms. (CVE-2014-1247)
Successful exploitation of these issues could result in program termination or arbitrary code execution, subject to the user's privileges.
Solution
Upgrade to QuickTime 7.7.5 or later.