Quicktime Multiple Vulnerabilities (Mac OS X 7.1.6 Security Update)

high Nessus Plugin ID 25346

Synopsis

The remote Mac OS X host contains an application that is prone to multiple attacks.

Description

According to its version, the installation of Quicktime on the remote Mac OS X host that contains a bug which might allow a rogue Java program to write anywhere in the heap.

An attacker may be able to leverage these issues to execute arbitrary code on the remote host by luring a victim into visiting a rogue page containing a malicious Java applet.

Solution

Install the Quicktime 7.1.6 Security Update.

See Also

http://www.nessus.org/u?3f11b9bd

Plugin Details

Severity: High

ID: 25346

File Name: macosx_Quicktime716_SecUpd.nasl

Version: 1.13

Type: local

Agent: macosx

Published: 5/30/2007

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Required KB Items: MacOSX/QuickTime/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 5/19/2007

Vulnerability Publication Date: 5/29/2007

Reference Information

CVE: CVE-2007-2388, CVE-2007-2389

BID: 24222, 24221

CWE: 264