Executive Summary
| Summary | |
|---|---|
| Title | Apple Quicktime Updates for Multiple Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | TA08-162C | First vendor Publication | 2008-06-10 |
| Vendor | US-CERT | Last vendor Modification | 2008-06-10 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1991. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. I. Description Apple QuickTime prior to version 7.5 has multiple image and media file handling vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page. Apple QuickTime 7.5 addresses these vulnerabilities. Note that Apple iTunes for Windows installs QuickTime, so any system with iTunes may be vulnerable. II. Impact These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. For further information, please see Apple knowledgebase article HT1991 about the security content of QuickTime 7.5 III. Solution Upgrade QuickTime Upgrade to QuickTime 7.5. This and other updates for Mac OS X are available via Apple Update. Secure your web browser To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser. |
Original Source
| Url : http://www.us-cert.gov/cas/techalerts/TA08-162C.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 60 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 20 % | CWE-399 | Resource Management Errors |
| 20 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-26 | Name : Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win) File : nvt/gb_apple_quicktime_mult_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 46073 | Apple QuickTime Embedded SMIL Text qt:next Attribute Arbitrary File Execution |
| 46072 | Apple QuickTime Indeo.qtx Indeo Video Codec File Handling Overflow |
| 46071 | Apple QuickTime PICT File Handling Overflow |
| 46070 | Apple QuickTime AAC-encoded Media Content Handling Memory Corruption |
| 46069 | Apple QuickTime PICT PixData Structure Packed Scanlines Handling Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Apple QuickTime SMIL qtnext redirect file execution attempt RuleID : 15487 - Revision : 11 - Type : FILE-MULTIMEDIA |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-06-10 | Name : The remote Mac OS X host contains an application that is affected by multiple... File : macosx_Quicktime75.nasl - Type : ACT_GATHER_INFO |
| 2008-06-10 | Name : The remote Windows host contains an application that is affected by multiple ... File : quicktime_75.nasl - Type : ACT_GATHER_INFO |
