Tenable4651.PRMQuickTime < 7.5.5 Multiple Vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.4%
The version of QuickTime installed on the remote host is older than 7.5.5. Such versions contain several vulnerabilities :
- Heap and stack buffer overflows in the handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie files could lead to an application crash or arbitrary code execution (CVE-2008-3624 and CVE-2008-3625).
- A memory corruption issue in QuickTimeβs handling of STSZ atoms in movie files could lead to an application crash or arbitrary code execution (CVE-2008-3626).
- Multiple memory corruption issues in QuickTimeβs handling of H.264-encoded movie files could lead to an application crash or arbitrary code execution (CVE-2008-3627).
- An out-of-bounds read issue in QuickTimeβs handling of PICT images could lead to an application crash (CVE-2008-3629).
Binary data 4651.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3614
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3615
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3624
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3625
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3626
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3628
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3629
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3635
lists.apple.com/archives/security-announce/2008/Sep/msg00000.html
support.apple.com/kb/HT3027
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.4%