Vulners
Lucene search
Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
🗓️ 25 Sep 2008 00:00:00Reported by Copyright (C) 2008 SecPodType 
openvas🔗 plugins.openvas.org👁 34 Views
| Reporter | Title | Published | Views | Family All 70 |
|---|---|---|---|---|
 | QuickTime < 7.5.5 Multiple Vulnerabilities | 10 Sep 200800:00 | – | nessus |
| Mac OS X < 10.5.5 Multiple Vulnerabilities | 16 Sep 200800:00 | – | nessus |
| Mac OS X 10.5.x < 10.5.5 Multiple Vulnerabilities | 16 Sep 200800:00 | – | nessus |
| QuickTime < 7.5.5 Multiple Vulnerabilities (Mac OS X) | 10 Sep 200800:00 | – | nessus |
| Mac OS X Multiple Vulnerabilities (Security Update 2008-006) | 16 Sep 200800:00 | – | nessus |
| QuickTime < 7.5.5 Multiple Vulnerabilities (Windows) | 10 Sep 200800:00 | – | nessus |
 | Apple QuickTime PDAT Atom Parsing Buffer Overflow (CVE-2008-3625) | 18 Feb 201000:00 | – | checkpoint_advisories |
 | CVE-2008-3614 | 10 Sep 200816:00 | – | cve |
| CVE-2008-3615 | 10 Sep 200816:00 | – | cve |
| CVE-2008-3624 | 10 Sep 200816:00 | – | cve |
10
| Source | Link |
|---|---|
| securityfocus | www.securityfocus.com/archive/1/496161 |
| securityfocus | www.securityfocus.com/archive/1/496163 |
| labs | www.labs.idefense.com/intelligence/vulnerabilities/display.php |
| support | www.support.apple.com/kb/HT3027 |
##############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_apple_quicktime_mult_vuln_900121.nasl 7174 2017-09-18 11:48:08Z asteins $
# Description: Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
#
# Authors:
# Sharath S <[email protected]>
#
# Copyright:
# Copyright (C) 2008 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
##############################################################################
tag_impact = "Successful exploitation could allow remote attackers to gain
unauthorized access to execute arbitrary code and trigger a denial of
service condition.
Impact Level : Application";
tag_solution = "Upgrade to version 7.5.5
http://www.apple.com/quicktime/download/";
tag_affected = "Apple QuickTime versions prior to 7.5.5 on Windows (all)";
tag_insight = "The flaws exist due to,
- an uninitialized memory access inn the Indeo v5 codec and lack of
proper bounds checking within QuickTimeInternetExtras.qtx file.
- improper handling of panorama atoms in QTVR movie files.
- improper handling of maxTilt, minFieldOfView and maxFieldOfView
parameters in panorama track PDAT atoms.
- an uninitialized memory access in the third-party Indeo v5 codec.
- an invalid pointer in handling of PICT images.
- memory corruption in handling of STSZ atoms in movie files within
CallComponentFunctionWithStorage() function.
- multiple memory corruption in H.264 encoded movie files.
- parsing of movie video files in QuickTimeH264.scalar and MP4 video
files in QuickTimeH264.qtx.";
tag_summary = "This host has Apple QuickTime installed, which prone to multiple
vulnerabilities.";
if(description)
{
script_id(900121);
script_version("$Revision: 7174 $");
script_tag(name:"last_modification", value:"$Date: 2017-09-18 13:48:08 +0200 (Mon, 18 Sep 2017) $");
script_tag(name:"creation_date", value:"2008-09-25 09:10:39 +0200 (Thu, 25 Sep 2008)");
script_bugtraq_id(31086);
script_cve_id("CVE-2008-3615","CVE-2008-3635","CVE-2008-3624","CVE-2008-3625",
"CVE-2008-3614","CVE-2008-3626","CVE-2008-3627","CVE-2008-3628",
"CVE-2008-3629");
script_copyright("Copyright (C) 2008 SecPod");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"registry");
script_family("General");
script_name("Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities");
script_dependencies("secpod_reg_enum.nasl",
"secpod_apple_quicktime_detection_win_900124.nasl");
script_mandatory_keys("SMB/WindowsVersion");
script_xref(name : "URL" , value : "http://support.apple.com/kb/HT3027");
script_xref(name : "URL" , value : "http://www.securityfocus.com/archive/1/496161");
script_xref(name : "URL" , value : "http://www.securityfocus.com/archive/1/496163");
script_xref(name : "URL" , value : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744");
script_tag(name : "summary" , value : tag_summary);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "impact" , value : tag_impact);
exit(0);
}
if(!get_kb_item("SMB/WindowsVersion")){
exit(0);
}
if(egrep(pattern:"^([0-6]\..*|7\.([0-4](\..*)?|5(\.[0-4])?))$",
string:get_kb_item("QuickTime/Win/Ver"))){
security_message(0);
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Sep 2017 00:00Current
0.7Low risk
Vulners AI Score0.7
EPSS0.29915