Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.QUICKTIME_775.NASL
HistoryFeb 26, 2014 - 12:00 a.m.

QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)

2014-02-2600:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
22
JSON

The version of QuickTime installed on the remote Windows host is earlier than 7.7.5. It is, therefore, reportedly affected by the following vulnerabilities :

  • Out-of-bounds byte swapping issues exist in the handling of QuickTime image descriptions and ‘ttfo’ elements. (CVE-2013-1032, CVE-2014-1250)

  • An uninitialized pointer issue exists in the handling of track lists. (CVE-2014-1243)

  • Buffer overflow vulnerabilities exist in the handling of H.264 encoded movie files, ‘ftab’ atoms, ‘ldat’ atoms, PSD images, and ‘clef’ atoms. (CVE-2014-1244, CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)

  • A signedness issue exists in the handling of ‘stsz’ atoms. (CVE-2014-1245)

  • A memory corruption issue exists in the handling of ‘dref’ atoms. (CVE-2014-1247)

Successful exploitation of these issues could result in program termination or arbitrary code execution, subject to the user’s privileges.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(72706);
  script_version("1.8");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id(
    "CVE-2013-1032",
    "CVE-2014-1243",
    "CVE-2014-1244",
    "CVE-2014-1245",
    "CVE-2014-1246",
    "CVE-2014-1247",
    "CVE-2014-1248",
    "CVE-2014-1249",
    "CVE-2014-1250",
    "CVE-2014-1251"
  );
  script_bugtraq_id(62375, 65777, 65784, 65786, 65787);
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-02-25-3");

  script_name(english:"QuickTime < 7.7.5 Multiple Vulnerabilities (Windows)");
  script_summary(english:"Checks version of QuickTime on Windows");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Windows host contains an application that may be affected
by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of QuickTime installed on the remote Windows host is
earlier than 7.7.5.  It is, therefore, reportedly affected by the
following vulnerabilities :

  - Out-of-bounds byte swapping issues exist in the
    handling of QuickTime image descriptions and 'ttfo'
    elements. (CVE-2013-1032, CVE-2014-1250)

  - An uninitialized pointer issue exists in the handling of
    track lists.  (CVE-2014-1243)

  - Buffer overflow vulnerabilities exist in the handling of
    H.264 encoded movie files, 'ftab' atoms, 'ldat' atoms,
    PSD images, and 'clef' atoms. (CVE-2014-1244,
    CVE-2014-1248, CVE-2014-1249, CVE-2014-1251)

  - A signedness issue exists in the handling of 'stsz'
    atoms. (CVE-2014-1245)

  - A memory corruption issue exists in the handling of
    'dref' atoms. (CVE-2014-1247)

Successful exploitation of these issues could result in program
termination or arbitrary code execution, subject to the user's
privileges."
  );
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-044/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-045/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-046/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-047/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-048/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-049/");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204527");
  script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2014/Feb/msg00002.html");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/531268/30/0/threaded");
  script_set_attribute(attribute:"solution", value:"Upgrade to QuickTime 7.7.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("quicktime_installed.nasl");
  script_require_keys("SMB/QuickTime/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

kb_base = "SMB/QuickTime/";

version = get_kb_item_or_exit(kb_base+"Version");
path = get_kb_item_or_exit(kb_base+"Path");

version_ui = get_kb_item(kb_base+"Version_UI");
if (isnull(version_ui)) version_report = version;
else version_report = version_ui;

fixed_version = "7.75.80.95";
fixed_version_ui = "7.7.5 (1680.95.13)";

if (ver_compare(ver:version, fix:fixed_version) == -1)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : '+path+
      '\n  Installed version : '+version_report+
      '\n  Fixed version     : '+fixed_version_ui+'\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
audit(AUDIT_INST_PATH_NOT_VULN, 'QuickTime Player', version_report, path);
VendorProductVersionCPE
applequicktimecpe:/a:apple:quicktime

References

Related

kaspersky 1
nessus 6
securityvulns 6
openvas 3
seebug 3
prion 10
zdi 6
cve 10
checkpoint_advisories 1
kaspersky
kaspersky
KLA10016 Multiple vulnerabilities in Apple QuickTime
2014-02-25 00:00:00
nessus
nessus
Quicktime (for Windows) < 7.7.5 Multiple Vulnerabilities (deprecated)
2014-02-26 00:00:00
Apple Quicktime 7.7.5 Multiple Vulnerabilities
2014-02-26 00:00:00
Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities
2014-02-25 00:00:00
securityvulns
securityvulns
APPLE-SA-2014-02-25-3 QuickTime 7.7.5
2014-02-28 00:00:00
Apple QuickTime multiple security vulnerabilities
2014-02-28 00:00:00
Apple Mac OS X multiple security vulnerabilities
2014-02-28 00:00:00
openvas
openvas
Apple QuickTime Multiple Vulnerabilities (Mar 2014) - Windows
2014-03-04 00:00:00
Apple Mac OS X Multiple Vulnerabilities -04 (Sep 2014)
2014-09-22 00:00:00
Apple Mac OS X Multiple Vulnerabilities-04 (Oct 2015)
2015-10-29 00:00:00
seebug
seebug
Apple Mac OS X多个安全漏洞(APPLE-SA-2014-02-25-1)
2014-02-26 00:00:00
Apple QuickTime远程内存破坏漏洞
2014-02-28 00:00:00
Apple QuickTime远程缓冲区溢出漏洞
2014-02-28 00:00:00
prion
prion
Memory corruption
2013-09-16 13:02:00
Design/Logic Flaw
2014-02-27 01:55:00
Buffer overflow
2014-02-27 01:55:00
zdi
zdi
Apple QuickTime nam Atom Parsing Remote Code Execution Vulnerability
2014-04-03 00:00:00
Apple QuickTime dref Atom Remote Code Execution Vulnerability
2014-04-03 00:00:00
Apple QuickTime clef Atom Heap Buffer Overflow Remote Code Execution Vulnerability
2014-04-03 00:00:00
cve
cve
CVE-2014-1243
2014-02-27 01:55:00
CVE-2013-1032
2013-09-16 13:02:00
CVE-2014-1244
2014-02-27 01:55:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime ftab Atom Stack Buffer Overflow (CVE-2014-1246)
2014-05-04 00:00:00
JSON
Related for QUICKTIME_775.NASL
kaspersky1nessus6securityvulns6openvas3seebug3prion10zdi6cve10checkpoint_advisories1