Apple Quicktime Unsupported on Windows

Critical Nessus Network Monitor Plugin ID 9307

Synopsis

Apple QuickTime is no longer supported on Windows.

Description

Apple no longer supports any version of QuickTime on Windows. The last version of QuickTime available on Windows has known vulnerabilities related to processing atom indexes. A remote attacker can exploit these to cause heap corruption within QuickTime resulting in the execution of arbitrary code.

Solution

Uninstall Apple QuickTime on Windows.

See Also

https://www.us-cert.gov/ncas/alerts/TA16-105A

Plugin Details

Severity: Critical

ID: 9307

Family: Web Clients

Published: 2016/04/20

Modified: 2016/04/20

Dependencies: 1735, 8314

Nessus ID: 90544

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.6

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Patch Publication Date: 2016/04/16

Vulnerability Publication Date: 2016/04/16