Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

QuickTime < 7.7 Multiple Vulnerabilities

High

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

Versions of QuickTime earlier than 7.7 are potentially affected by multiple vulnerabilities :

- A buffer overflow in QuickTime's handling of pict files may lead to an application crash or arbitrary code execution. (CVE-2011-0245)

- A buffer overflow in QuickTime's handling of JPEG2000 files may lead to an application crash or arbitrary code execution. (CVE-2011-0186)

- A cross-origin issue in QuickTime plug-in's handling of cross-site redirects may lead to disclosure of video data from another site. (CVE-2011-0187)

- An integer overflow in QuickTime's handling of RIFF WAV files may lead to an application crash or arbitrary code execution. (CVE-2011-0209)

- A memory corruption issue in QuickTime's handling of sample tables in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0210)

- An integer overflow in QuickTime's handling of audio channels in movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0211)

- A buffer overflow in QuickTime's handling of JPEG files may lead to an application crash or arbitrary code execution. (CVE-2011-0213)

- A heap buffer overflow in QuickTime's handling of GIF files may lead to an application crash or arbitrary code execution. (CVE-2011-0246)

- Multiple stack buffer overflows in QuickTime's handling of H.264 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0247)

- A stack buffer overflow in QuickTime ActiveX's handling of QTL files may lead to an application crash or arbitrary code execution. (CVE-2011-0248)

- A heap buffer overflow in QuickTime's handling of STSC atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0249)

- A heap buffer overflow in QuickTime's handling of STSS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0250)

- A heap buffer overflow in QuickTime's handling of STSZ atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0251)

- A heap buffer overflow in QuickTime's handling of STTS atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2011-0252)

Solution

Upgrade to QuickTime 7.7 or later.