QuickTime < 7.6.4 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 5159

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

The version of QuickTime installed on the remote host is older than 7.6.4. Such versions contain multiple issues :

- A memory corruption issue exists in the handling of H.264 movie files. (CVE-2009-2202)

- A buffer overflow in the handling of MPEG-4 video files. (CVE-2009-2203)

- A heap buffer overflow exists in the handling of FlashPix files. (CVE-2009-2798)

- A heap buffer overflow exists in the handling of H.264 movie files. (CVE-2009-2799)

Solution

Upgrade to QuickTime 7.6.4 or later.

Plugin Details

Severity: Medium

ID: 5159

Family: Web Clients

Published: 9/10/2009

Updated: 3/6/2019

Nessus ID: 40928, 40929

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Patch Publication Date: 9/9/2009

Vulnerability Publication Date: 9/9/2009

Reference Information

CVE: CVE-2009-2202, CVE-2009-2203, CVE-2009-2798, CVE-2009-2799

BID: 36328

Detections

Analytics

QuickTime < 7.6.4 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 5159

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Vulnerability Information

Reference Information