Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.QUICKTIME_PLAYER_OVERFLOW2.NASL
HistoryNov 04, 2005 - 12:00 a.m.

QuickTime < 7.0.3 Multiple Vulnerabilities (Windows)

2005-11-0400:00:00
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
www.tenable.com
8
JSON

The remote Windows host is running a version of QuickTime that is older than QuickTime 7.0.3.

The remote version of this software is reportedly vulnerable to various buffer overflows that may allow an attacker to execute arbitrary code on the remote host by sending a malformed file to a victim and have him open it using QuickTime player.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(20136);
 script_version ("1.14");
 script_cve_id("CVE-2005-2753", "CVE-2005-2754", "CVE-2005-2755", "CVE-2005-2756");
 script_bugtraq_id(15306, 15307, 15308, 15309);

 script_name(english:"QuickTime < 7.0.3 Multiple Vulnerabilities (Windows)");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote version of QuickTime may allow an attacker to execute
arbitrary code on the remote host." );
 script_set_attribute(attribute:"description", value:
"The remote Windows host is running a version of QuickTime that is
older than QuickTime 7.0.3. 

The remote version of this software is reportedly vulnerable to
various buffer overflows that may allow an attacker to execute
arbitrary code on the remote host by sending a malformed file to a
victim and have him open it using QuickTime player." );
 script_set_attribute(attribute:"see_also", value:"https://support.apple.com/?artnum=302772" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to QuickTime 7.0.3 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2005/11/04");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/11/03");
 script_cvs_date("Date: 2018/11/15 20:50:28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
script_end_attributes();

 script_summary(english:"Check for QuickTime < 7.0.3");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows");
 script_dependencies("quicktime_installed.nasl");
 script_require_keys("SMB/QuickTime/Version");
 exit(0);
}


ver = get_kb_item("SMB/QuickTime/Version");
if (ver && ver =~ "^([0-6]\.|7\.0\.[0-2])") security_hole(get_kb_item("SMB/transport"));
VendorProductVersionCPE
applequicktimecpe:/a:apple:quicktime

Related

nessus 1
cve 4
checkpoint_advisories 1
securityvulns 4
cert 1
nessus
nessus
Quicktime < 7.0.3 Multiple Vulnerabilities (Mac OS X)
2005-11-04 00:00:00
cve
cve
CVE-2005-2753
2005-11-05 11:02:00
CVE-2005-2755
2005-11-05 11:02:00
CVE-2005-2754
2005-11-05 11:02:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime MOV File String Handling Integer Overflow (CVE-2005-2753)
2010-02-10 00:00:00
securityvulns
securityvulns
[Full-disclosure] Advisory: Apple QuickTime Player Remote Integer Overflow &#40;1&#41;
2005-11-04 00:00:00
[Full-disclosure] Advisory: Apple QuickTime Player Remote Denial Of Service
2005-11-04 00:00:00
[Full-disclosure] Advisory: Apple QuickTime PICT Remote Memory Overwrite
2005-11-04 00:00:00
cert
cert
Apple QuickTime PictureViewer PICT data decompression buffer overflow
2005-11-08 00:00:00
JSON
Related for QUICKTIME_PLAYER_OVERFLOW2.NASL
nessus1cve4checkpoint_advisories1securityvulns4cert1