QuickTime < 7.5 Multiple Vulnerabilities (Mac OS X)

high Nessus Plugin ID 33131

Synopsis

The remote Mac OS X host contains an application that is affected by multiple vulnerabilities.

Description

The version of QuickTime installed on the remote Mac OS X host is older than 7.5. Such versions contain several vulnerabilities :

- There is a heap-based buffer overflow in QuickTime's handling of PICT image files that could result in a program crash or arbitrary code execution (CVE-2008-1583).

- There is a memory corruption issue in QuickTime's handling of AAC-encoded media content that could result in a program crash or arbitrary code execution (CVE-2008-1582).

- There is a stack-based buffer overflow in QuickTime's handling of Indeo video codec content that could result in a program crash or arbitrary code execution (CVE-2008-1584).

- There is a URL handling issue in QuickTime's handling of 'file:' URLs that may allow launching of arbitrary applications (CVE-2008-1585).

Solution

Either use QuickTime's Software Update preference to upgrade to the latest version or manually upgrade to QuickTime 7.5 or later.

Plugin Details

Severity: High

ID: 33131

File Name: macosx_Quicktime75.nasl

Version: 1.16

Type: local

Agent: macosx

Family: MacOS X Local Security Checks

Published: 6/10/2008

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Required KB Items: MacOSX/QuickTime/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/9/2008

Reference Information

CVE: CVE-2008-1582, CVE-2008-1583, CVE-2008-1584, CVE-2008-1585

BID: 29619, 29648, 29650, 29652, 29654

CWE: 119, 20, 399

Secunia: 29293

Detections

Analytics