Apple QuickTime Multiple Vulnerabilities - Nov12 (Windows) Network Vulnerability

Summary

This host is installed with Apple QuickTime and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code or cause a buffer overflow condition. Impact Level: System/Application

Solution

Upgrade to QuickTime Player version 7.7.3 or later, For updates refer to http://support.apple.com/downloads/

Insight

- Multiple boundary errors exists when handling a PICT file, a Targa file, the transform attribute of 'text3GTrack' elements and the 'rnet' box within MP4 file. - Use-after-free errors exists when handling '_qtactivex_' parameters within an HTML object and 'Clear()' method.

Affected

QuickTime Player version prior to 7.7.3 on Windows

References

http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html
http://secunia.com/advisories/51226
http://support.apple.com/kb/HT5581
http://www.osvdb.org/87094

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1374, CVE-2012-3751, CVE-2012-3752, CVE-2012-3753, CVE-2012-3754, CVE-2012-3755, CVE-2012-3756, CVE-2012-3757, CVE-2012-3758

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
Adobe Acrobat Multiple Vulnerabilities - Windows
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)

Take action and discover your vulnerabilities