Summary
This host is installed with Apple QuickTime player and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, conduct denial of service and compromise a vulnerable system.
Impact Level: System/Application
Solution
Upgrade to Apple QuickTime version 7.7.5 or later, For updates refer to http://support.apple.com/downloads
Insight
Flaw is due to,
- An unspecified error when handling track lists.
- Multiple boundary errors when handling H.264 encoded movie files, 'ftab' atoms, 'dref' atoms, 'ldat' atoms, PSD images, 'clef' atoms.
- An unspecified error that is due to a signedness issue.
- An out-of-bounds memory write error when handling 'ttfo' elements.
Affected
Apple QuickTime version before 7.7.5 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1243, CVE-2014-1244, CVE-2014-1245, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1251 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Mac OS X)
- Adobe Air Code Execution and DoS Vulnerabilities (Windows)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe AIR Security Bypass Vulnerability Jan14 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)