Quicktime < 7.1 on Mac OS X Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 3616

Synopsis

The remote version of QuickTime is affected by multiple overflow vulnerabilities.

Description

The remote Mac OS X host is running a version of Quicktime prior to 7.1. The remote version of Quicktime is vulnerable to various integer and buffer overflows involving specially-crafted image and media files. An attacker may be able to leverage these issues to execute arbitrary code on the remote host by sending a malformed file to a victim and having it opened using QuickTime player.

Solution

Install version 7.1 or higher.

See Also

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045979.html

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045981.html

http://docs.info.apple.com/article.html?artnum=303752

Plugin Details

Severity: High

ID: 3616

File Name: 3616.prm

Family: Web Clients

Published: 2006/05/12

Modified: 2016/01/15

Dependencies: 1735, 8314

Nessus ID: 21554

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Reference Information

CVE: CVE-2005-2337, CVE-2005-2628, CVE-2005-4077, CVE-2006-0024, CVE-2006-1439, CVE-2006-1440, CVE-2006-1441, CVE-2006-1442, CVE-2006-1443, CVE-2006-1444, CVE-2006-1445, CVE-2006-1446, CVE-2006-1447, CVE-2006-1448, CVE-2006-1449, CVE-2006-1450, CVE-2006-1451, CVE-2006-1452, CVE-2006-1455, CVE-2006-1456, CVE-2006-1457, CVE-2006-1552, CVE-2006-1614, CVE-2006-1615, CVE-2006-1630, CVE-2006-1982, CVE-2006-1983, CVE-2006-1984, CVE-2006-1985, CVE-2006-1249, CVE-2006-1453, CVE-2006-1454, CVE-2006-1458, CVE-2006-1461, CVE-2006-1462, CVE-2006-1463, CVE-2006-1464, CVE-2006-1465, CVE-2006-2238, CVE-2006-1459, CVE-2006-1460

BID: 17953, 17074, 17951