Quicktime Multiple Integer Overflows (deprecated)

High Nessus Network Monitor Plugin ID 2380


The remote host is vulnerable to a buffer overflow.


The remote host is running an older version of Quicktime player for Microsoft Windows. This version is vulnerable to a remote overflow. A remote attacker exploiting this flaw would need to create a malicious Quicktime file and entice the user to play it. A successful exploit would allow the attacker to execute arbitrary code within the context of the local machine. Additionally, there is a similar flaw within the Quicktime library that displays JPEG files. An attacker exploiting this second flaw would need to convince a user to view a malicious JPEG file within the Quicktime viewer. Successful exploitation would result in arbitrary code being executed on the victim system.


Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: High

ID: 2380

File Name: 2380.prm

Family: Web Clients

Published: 2004/11/02

Modified: 2016/01/15

Dependencies: 1735, 8314

Nessus ID: 17637

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.4


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Reference Information

CVE: CVE-2005-0903, CVE-2004-0431, CVE-2004-0988

BID: 11553, 12905