Lucene search

K
nessusTenable4651.PRM
HistorySep 10, 2008 - 12:00 a.m.

QuickTime < 7.5.5 Multiple Vulnerabilities

2008-09-1000:00:00
Tenable
www.tenable.com
13

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.436

Percentile

97.4%

The version of QuickTime installed on the remote host is older than 7.5.5. Such versions contain several vulnerabilities :

  • Heap and stack buffer overflows in the handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie files could lead to an application crash or arbitrary code execution (CVE-2008-3624 and CVE-2008-3625).
  • A memory corruption issue in QuickTime’s handling of STSZ atoms in movie files could lead to an application crash or arbitrary code execution (CVE-2008-3626).
  • Multiple memory corruption issues in QuickTime’s handling of H.264-encoded movie files could lead to an application crash or arbitrary code execution (CVE-2008-3627).
  • An out-of-bounds read issue in QuickTime’s handling of PICT images could lead to an application crash (CVE-2008-3629).
Binary data 4651.prm
VendorProductVersionCPE
applequicktimecpe:/a:apple:quicktime

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.436

Percentile

97.4%