QuickTime < 7.7.1 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6052
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

Versions of QuickTime earlier than 7.7.1 are potentially affected by multiple vulnerabilities :

- A buffer overflow exists in the handling of H.264 encoded movie files. (CVE-2011-3219)

- An uninitialized memory access issue exists in the handling of URL data handlers within movie file. (CVE-2011-3220)

- An implementation issue exists in the handling of the atom hierarchy within a movie files. (CVE-2011-3221)

- A cross-site scripting issue exists int he Save for Web export. (CVE-2011-3218)

- A buffer overflow exists in the handling of FlashPix files. (CVE-2011-3222)

- A buffer overflow exists in the handling of FLIC files. (CVE-2011-3223)

- Multiple memory corruption issues exist in the handling of movie files. (CVE-2011-3228)

- An integer overflow issue exists in the handling of PICT files. (CVE-2011-3247)

- A signedness issue exists in the handling of font tables embedded n QuickTime movie files.

- A buffer overflow issue exists in the handling of FLC encoded movie files. (CVE-2011-3249)

- An integer overflow issue exists in the handling of JPEG2000 encoded movie files. (CVE-2011-3250)

- A memory corruption issue exists in the handling of TKHD atoms in QuickTime movie files. (CVE-2011-3251)

Solution

Upgrade to QuickTime 7.7.1 or later.

See Also

http://support.apple.com/kb/HT5016

Plugin Details

Severity: High

ID: 6052

Family: Web Clients

Published: 10/27/2011

Updated: 3/6/2019

Dependencies: 1735, 8314

Nessus ID: 56667

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*

Patch Publication Date: 10/27/2011

Vulnerability Publication Date: 10/12/2011

Reference Information

CVE: CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3251, CVE-2011-3250, CVE-2011-3248, CVE-2011-3249, CVE-2011-3247, CVE-2011-3218

BID: 50100, 50101, 50127, 50130, 50131, 50068, 50122, 50399, 50400, 50401, 50403, 50404