CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.2%
The remote Windows host is running a version of QuickTime prior to 7.1.3.
The remote version of QuickTime is vulnerable to various integer and buffer overflows involving specially crafted image and media files. An attacker may be able to leverage these issues to execute arbitrary code on the remote host by sending a malformed file to a victim and having him open it using QuickTime player.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(22336);
script_version("1.21");
script_cve_id("CVE-2006-4381", "CVE-2006-4382", "CVE-2006-4384", "CVE-2006-4385", "CVE-2006-4386",
"CVE-2006-4388", "CVE-2006-4389", "CVE-2007-0754");
script_bugtraq_id(19976, 23923);
script_name(english:"QuickTime < 7.1.3 Multiple Vulnerabilities (Windows)");
script_summary(english:"Checks version of QuickTime on Windows");
script_set_attribute(attribute:"synopsis", value:
"The remote version of QuickTime is affected by multiple overflow
vulnerabilities." );
script_set_attribute(attribute:"description", value:
"The remote Windows host is running a version of QuickTime prior to
7.1.3.
The remote version of QuickTime is vulnerable to various integer and
buffer overflows involving specially crafted image and media files.
An attacker may be able to leverage these issues to execute arbitrary
code on the remote host by sending a malformed file to a victim and
having him open it using QuickTime player." );
script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=304357" );
script_set_attribute(attribute:"solution", value:
"Upgrade to QuickTime version 7.1.3 or later." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value: "2006/09/13");
script_set_attribute(attribute:"vuln_publication_date", value: "2006/09/12");
script_cvs_date("Date: 2018/07/25 18:58:06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
script_dependencies("quicktime_installed.nasl");
script_require_keys("SMB/QuickTime/Version");
exit(0);
}
ver = get_kb_item("SMB/QuickTime/Version");
if (
ver &&
ver =~ "^([0-6]\.|7\.(0\.|1\.[0-2]([^0-9]|$)))"
) security_hole(get_kb_item("SMB/transport"));
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4381
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0754
docs.info.apple.com/article.html?artnum=304357