Summary
This host is installed with QuickTime Player and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, memory corruption or buffer overflow.
Impact Level: System/Application
Solution
Upgrade to version 7.7.4 or later,
For updates refer to http://support.apple.com/downloads
Insight
Multiple flaws due to,
Boundary error when handling
- FPX files
- 'enof' and 'mvhd' atoms
- H.263 and H.264 encoded movie files
- A certain value in a dref atom within a MOV file - A channel_mode value of MP3 files within the CoreAudioToolbox component Unspecified error when handling TeXML files, JPEG encoded data, QTIF files
Affected
QuickTime Player version prior to 7.7.4 on Windows
References
Severity
Classification
-
CVE CVE-2013-0986, CVE-2013-0987, CVE-2013-0988, CVE-2013-0989, CVE-2013-1015, CVE-2013-1016, CVE-2013-1017, CVE-2013-1018, CVE-2013-1019, CVE-2013-1020, CVE-2013-1021, CVE-2013-1022 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities -01 August 12 (Mac OS X)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)