Apple Quicktime Unsupported on Windows

critical Nessus Network Monitor Plugin ID 9307

Synopsis

Apple QuickTime is no longer supported on Windows.

Description

Apple no longer supports any version of QuickTime on Windows. The last version of QuickTime available on Windows has known vulnerabilities related to processing atom indexes. A remote attacker can exploit these to cause heap corruption within QuickTime resulting in the execution of arbitrary code.

Solution

Uninstall Apple QuickTime on Windows.

See Also

https://www.us-cert.gov/ncas/alerts/TA16-105A

Plugin Details

Severity: Critical

ID: 9307

Family: Web Clients

Published: 4/20/2016

Updated: 3/6/2019

Nessus ID: 90544

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Patch Publication Date: 4/16/2016

Vulnerability Publication Date: 4/16/2016