Mac OS X : Flip4Mac < 2.2.1 Unspecified Vulnerability

#TRUSTED 3c1fc1e68aae6cb265fdb7a8699e8e84965cca85a9c65bdb92dc402776aeafb8122050599cb808ca31c0b684da315d7f0dbc06842141644fec1adda54cc4c5005e3dc3cc93bf82b38b8f041824221627e3ee1a5784de90e3bfbd219278be02b2991304f254fd23b5348666f899a4b4e0f37253efd94ec109dcdd75357ec03e74c131e5bc62ee3b839567358781a51c5e0eb483b4431abd043cf71e804a22876584e023e9afff32babee13331d4e6aa9c8f18dafecc08b199cb1114a9b3f0fdac1ecbe91c1e647887f60c8451b66f5cf73c8acbeafcb51d3355423efa67b0833f895b134be73415b9c0606bee6d755668c490a0b3492aaa81437fcdf6a725fc9edf01a3569f0175f69e92957423afa58e5b6363f1fe61ae33da37b3259634ad6c681758bf3901f6fb28aa8272b73144d27f4fa677d7d39d4d2e3ecec225b847764da7d32d0bcab3b12670ef3c76958315db1560f977b47c9741b6ba0c37fac78a7b68c944f8dfa630d97a166d4179393c84d8736c3075412b0f7568e5fbb1c894ce3331c9a0e8fc002d0cccb3145fd906146b32e59f20118f1e50792a679d890f6212975c9984c13aa9268f4e29d8305932a50c09fc2948fd7ddcf919d85b597f644170a25ceeca71c25ebfc80933e2f41896e41d2133c9f42c33258e5719dec0b4573a5e26c9637d440e392a4ca20396e55bc75e5ff0f242e41b5ca34478fe23
#TRUST-RSA-SHA256 74b443ee57f76e42790d38070f8358b400864f918b30e14985d42b0f76adb752eefdf550e73b88e6d256593e9ba1a7481ee64d3ddc4521c088c7c13a8b52576dc2d65c2f20ce41769d94ade0c9ca7ccc2330cfb6e56f8581054e42b68b7d0d1349c361866cb93d26ed5d44e8b5f521d10bb9bbe16bda199d4cfbda3e6cea5a6102e9cf777390f554dd613ccfe769b6681881476eaa818c5e6c532c0f1942a1aba76828a496a437a25a59913d49d1f358a89b0ce639dfb1929e940bdc7f21506deceb8efeab11dec44dd8667e32af5736dfb529f0200d4ed15bc62d37908e9572ad6b265664345d6b317360b97d386cadefd4b6608f3aba47e76694179e9a1d0d4970dd0ca0ae426fda4456bcf13b5deed9c693814ba7350e151186933deff5b1fcce66c47aad9988cc5aaaf8460ed8f6580a531b46e2814fc1148ef1777b58223c1eac8ba645668cdd10ef2895b0441b599aba3d777a59cc98d15b1dd17372cef35a962f8ea52bcc282f74484e08cc9be5405b75316142dd12e54093136272ea8730be534a48a4d21f8b74a8bc686245fa29c20a4fbb54ec404e94fec1ef72aa8a070abe97a448dc28e6053d846623b7ebd39c5029c36a11f19efa9cd3047c3b2da015255d8cff6a2b6c09de7e2116d25fcfd069d20d8ded6ddcd448a494ade3ffbf253771cb10009f205100264013f90006fc64efc4335d064e5668c6794f2a
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(34322);
 script_version("1.17");
 script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

 script_cve_id("CVE-2008-4095");
 script_bugtraq_id(31505);

 script_name(english:"Mac OS X : Flip4Mac < 2.2.1 Unspecified Vulnerability");
 script_summary(english:"Check for Flip4Mac on the remote host");

 script_set_attribute(attribute:"synopsis", value:"The remote host is affected by a vulnerability in its WMV decoder.");
 script_set_attribute(attribute:"description", value:
"The remote Mac OS X host is running a version of Flip4Mac that contains
an unspecified vulnerability in its decoder. 

Flip4Mac is an extension that lets users read '.wmv' movie files.  By
enticing a user on the remote host to read a malformed '.wmv' file, an
attacker may be able to execute arbitrary commands on the remote
system.");
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f1935549");
 script_set_attribute(attribute:"solution", value:"Upgrade to Flip4Mac Version 2.2.1 or later.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-4095");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"patch_publication_date", value:"2008/09/15");
 script_set_attribute(attribute:"plugin_publication_date", value:"2008/10/01");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2008-2023 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}

if ( ! defined_func("bn_random") ) exit(0);

include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



enable_ssh_wrappers();

function _GetBundleVersionCmdInfo(file, path, label )
{
  local_var ret, suffix;
  local_var cmd;

   suffix = "/Contents/Info.plist";
   cmd    = "cat";


 file = str_replace(find:' ', replace:'\\ ', string:file);

 if ( !isnull(path) )
   {
   path = str_replace(find:' ', replace:'\\ ', string:path);
   ret = "cd " + path + " 2>/dev/null && ";
   }
 else
   ret = "";


 ret += cmd + " " + file + suffix + "|grep -A 1 " + label + " " + '| tail -n 1 | sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\''
;
 return ret;
}


function exec(cmd)
{
 local_var ret, buf;

 if ( islocalhost() )
  buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
 else
 {
  ret = ssh_open_connection();
  if ( ! ret ) exit(0);
  buf = ssh_cmd(cmd:cmd);
  ssh_close_connection();
 }

 if ( buf !~ "^[0-9]" ) exit(0);

 buf = chomp(buf);
 return buf;
}


packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.* ", string:uname) )
{
 cmd = _GetBundleVersionCmdInfo(file:"Flip4Mac WMV Import.component", path:"/Library/QuickTime", label:"CFBundleVersion");
 buf = exec(cmd:cmd);
 if ( ! strlen(buf) ) exit(0);
 array = split(buf, sep:'.', keep:FALSE);
 # Fixed in version 2.2.1.11
 if ( int(array[0]) < 2 ||
     (int(array[0]) == 2 && int(array[1]) < 2 ) ||
     (int(array[0]) == 2 && int(array[1]) == 2 && int(array[2]) < 1 ) ||
     (int(array[0]) == 2 && int(array[1]) == 2 && int(array[2]) == 1 && int(array[3]) < 11 ) )
 {
   security_hole(0);
 }
}