Summary
The host is running QuickTime Player and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to gain knowledge of sensitive information or execute arbitrary code via a malicious video or web page.
Impact Level: Application
Solution
Upgrade to QuickTime Player version 7.6.9 or later. For updates, refer to http://www.apple.com/quicktime/download/
Insight
The flaws are due to:
- A heap overflow error when processing Track Header atoms, which could be exploited to execute arbitrary code via a malicious video or web page.
- A filesystem permission error that may allow a local user on a Windows system to access the contents of the Apple Computer directory in the user's profile.
- A memory corruption error when handling PICT files.
- An uninitialized memory access when processing FlashPix images.
- A memory corruption error when processing panorama atoms in QTVR (QuickTime Virtual Reality) movie files.
- An integer overflow error when processing movie files.
Affected
QuickTime Player versions prior to 7.6.9
Severity
Classification
- CVE: CVE-2010-0530, CVE-2010-1508, CVE-2010-3800, CVE-2010-3801, CVE-2010-3802, CVE-2010-4009
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C