Quicktime < 7.0.3 Multiple Vulnerabilities (Mac OS X)

2005-11-04T00:00:00
ID MACOSX_QUICKTIME703.NASL
Type nessus
Reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
Modified 2020-03-02T00:00:00

Description

The remote Mac OS X host is running a version of Quicktime 7 which is older than Quicktime 7.0.3.

The remote version of this software is vulnerable to various buffer overflows which may allow an attacker to execute arbitrary code on the remote host by sending a malformed file to a victim and have him open it using QuickTime player.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(20135);
 script_version ("1.18");

 script_cve_id("CVE-2005-2753", "CVE-2005-2754", "CVE-2005-2755", "CVE-2005-2756");
 script_bugtraq_id(15306, 15307, 15308, 15309);

 script_name(english:"Quicktime < 7.0.3 Multiple Vulnerabilities (Mac OS X)");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote version of QuickTime may allow an attacker to execute arbitrary
code on the remote host." );
 script_set_attribute(attribute:"description", value:
"The remote Mac OS X host is running a version of Quicktime 7 which is older
than Quicktime 7.0.3.

The remote version of this software is vulnerable to various buffer overflows 
which may allow an attacker to execute arbitrary code on the remote host by
sending a malformed file to a victim and have him open it using QuickTime 
player." );
 script_set_attribute(attribute:"solution", value:
"Install Quicktime 7.0.3 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 # http://web.archive.org/web/20060419122232/http://docs.info.apple.com/article.html?artnum=302772
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?49086446" );

 script_set_attribute(attribute:"plugin_publication_date", value: "2005/11/04");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/11/03");
 script_set_attribute(attribute:"patch_publication_date", value: "2005/11/02");
 script_cvs_date("Date: 2018/07/14  1:59:35");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
script_end_attributes();

 script_summary(english:"Check for Quicktime 7.0.3");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");
 script_dependencies("macosx_Quicktime652.nasl");
 script_require_keys("MacOSX/QuickTime/Version");
 exit(0);
}

#

ver = get_kb_item("MacOSX/QuickTime/Version");
if (! ver ) exit(0);

version = split(ver, sep:'.', keep:FALSE);
if ( int(version[0]) == 7 && int(version[1]) == 0 && int(version[2]) < 3 ) security_warning(0);