Apple QuickTime < 7.7.9 Multiple RCE (Windows)

High Nessus Plugin ID 87848


The remote Windows host contains an application that is affected by multiple remote code execution vulnerabilities.


The version of Apple QuickTime installed on the remote Windows host is prior to 7.7.9. It is, therefore, affected by multiple remote code execution vulnerabilities due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via a crafted movie file, to execute arbitrary code or cause a denial of service through memory corruption.


Upgrade to Apple QuickTime version 7.7.9 or later.

See Also

Plugin Details

Severity: High

ID: 87848

File Name: quicktime_779.nasl

Version: $Revision: 1.6 $

Type: local

Agent: windows

Family: Windows

Published: 2016/01/11

Modified: 2016/05/19

Dependencies: 21561

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Required KB Items: SMB/QuickTime/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/01/07

Vulnerability Publication Date: 2016/01/07

Reference Information

CVE: CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, CVE-2015-7117

OSVDB: 132636, 132637, 132638, 132639, 132640, 132641, 132642, 132643, 132644

APPLE-SA: APPLE-SA-2016-01-07-1