Detections
Analytics
Quicktime < 7.0.4 (Windows) Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 3364
Synopsis
The remote version of QuickTime is affected by multiple code execution vulnerabilities.Description
The remote version of Quicktime is vulnerable to various buffer overflows involving specially crafted images and media files. An attacker may be able to leverage these issues to execute arbitrary code on the remote host by sending a malformed file to a victim and having him/her open it using QuickTime player.Solution
Upgrade to version 7.0.4 or higher.See Also
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041289.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041290.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041291.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041292.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041333.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041334.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041335.html
http://www.cirt.dk/advisories/cirt-41-advisory.pdf
http://lists.apple.com/archives/security-announce/2006/Jan/msg00001.html
Plugin Details
Severity: Medium
ID: 3364
Family: Web Clients
Published: 1/11/2006
Updated: 3/6/2019
Nessus ID: 20395
Risk Information
VPR
Risk Factor: High
Score: 7.0
CVSS v2
Risk Factor: Medium
Base Score: 4.4
Temporal Score: 3.6
Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 4.9
Temporal Score: 4.6
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:apple:quicktime
Exploitable With
Core Impact
Reference Information
CVE: CVE-2005-2340, CVE-2005-3707, CVE-2005-3708, CVE-2005-3709, CVE-2005-3710, CVE-2005-3711, CVE-2005-3713, CVE-2005-4092