Quicktime (for Windows) < 7.7.5 Multiple Vulnerabilities (deprecated)

2014-02-2600:00:00

Tenable

www.tenable.com

Versions older than Quicktime 7.7.5 contain the following vulnerabilities:

An uninitialized pointer issue when handling track lists, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1243)
Multiple buffer overflow vulnerabilities, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1244, 2014-1246, CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)
Multiple out-of-bounds byte swapping issues, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1250, CVE-2013-1032)
A signedness issue in the handling of ‘stsz’ atoms, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1245)
A memory corruption issue when handling the ‘dref’ atoms, which can be leveraged by an attacker to execute arbitrary code or application termination (CVE-2014-1247)

Binary data 8139.prm

VendorProductVersionCPE
applequicktimecpe:/a:apple:quicktime

Vendor	Product	Version	CPE
apple	quicktime		cpe:/a:apple:quicktime

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1032

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1243

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1244

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1245

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1246

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1247

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1248

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1249

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1250

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1251

support.apple.com/kb/HT6151

Related for 8139.PRM