nessus / Tenable / 4817.PRM
Jan 22, 2009 - 12:00 a.m.

QuickTime < 7.6 Multiple Vulnerabilities

2009-01-22 00:00:00
Tenable
www.tenable.com

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

EPSS: 0.901 (Percentile: 98.9%)

The version of QuickTime installed on the remote host is older than 7.6. Such versions contain several vulnerabilities:

  • A heap buffer overflow in QuickTime’s handling of RTSP URLs may lead to an application crash or arbitrary code execution. (CVE-2009-0001)

  • A heap buffer overflow in QuickTime’s handling of THKD atoms in QTVR (QuickTime Virtual Reality) movie files may lead to an application crash or arbitrary code execution. (CVE-2009-0002)

  • A heap buffer overflow while processing an AVI movie file may lead to an application crash or arbitrary code execution. (CVE-2009-0003)

  • A buffer overflow in the handling of MPEG-2 video files with MP3 audio content may lead to an application crash or arbitrary code execution. (CVE-2009-0004)

  • A memory corruption in QuickTime’s handling of H.263 encoded movie files may lead to an application crash or arbitrary code execution. (CVE-2009-0005)

  • A signedness issue in QuickTime’s handling of Cinepak encoded movie files may result in a heap buffer overflow. (CVE-2009-0006)

  • A heap buffer overflow in QuickTime’s handling of JPEG atoms in QuickTime movie files may lead to an application crash or arbitrary code execution. (CVE-2009-0007)
