Summary
The host is running Apple QuickTime and is prone to multiple buffer overflow vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code in the context of the currently logged-in user. Viewing a maliciously crafted movie file may lead to an unexpected application termination.
Impact Level: System/Application
Solution
Upgrade to Apple QuickTime version 7.7 or later.
For updates, refer to http://www.apple.com/quicktime/download/
Insight
The flaws are due to:
- a buffer overflow error when handling PICT files.
- a heap buffer overflow error when handling 'GIF' images and 'STSC', 'STSS', 'STSZ' and 'STTS' atoms in QuickTime movie files.
- multiple stack buffer overflows in the handling of 'H.264' encoded movie files.
- a stack buffer overflow in the QuickTime ActiveX control's handling of 'QTL' files.
- an integer overflow in the handling of track run atoms in QuickTime movie files.
- improper bounds checking when handling 'mp4v' codec information.
Affected
Apple QuickTime versions prior to 7.7
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2011-0245, CVE-2011-0246, CVE-2011-0247, CVE-2011-0248, CVE-2011-0249, CVE-2011-0250, CVE-2011-0251, CVE-2011-0252, CVE-2011-0256, CVE-2011-0257, CVE-2011-0258
CVSS Base Score: 9.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C