Summary
This host has Apple QuickTime installed, which is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow remote attackers to gain unauthorized access to execute arbitrary code and trigger a denial of service condition.
Impact Level: Application
Solution
Upgrade to version 7.5.5
http://www.apple.com/quicktime/download/
Insight
The flaws exist due to:
- an uninitialized memory access in the Indeo v5 codec and lack of proper bounds checking within the QuickTimeInternetExtras.qtx file.
- improper handling of panorama atoms in QTVR movie files.
- improper handling of maxTilt, minFieldOfView and maxFieldOfView parameters in panorama track PDAT atoms.
- an uninitialized memory access in the third-party Indeo v5 codec.
- an invalid pointer in handling of PICT images.
- memory corruption in handling of STSZ atoms in movie files within the CallComponentFunctionWithStorage() function.
- multiple memory corruption issues in H.264 encoded movie files.
- parsing of movie video files in QuickTimeH264.scalar and MP4 video files in QuickTimeH264.qtx.
Affected
Apple QuickTime versions prior to 7.5.5 on Windows (all)
References
Severity
Classification
CVE: CVE-2008-3614, CVE-2008-3615, CVE-2008-3624, CVE-2008-3625, CVE-2008-3626, CVE-2008-3627, CVE-2008-3628, CVE-2008-3629, CVE-2008-3635
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C