|
|
Family: Windows --> Category: infos
Quicktime < 7.0.4 (Windows) Vulnerability Scan
Vulnerability Scan Summary
Checks for Quicktime < 7.0.4 on Windows
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote version of QuickTime is affected by multiple code execution
vulnerabilities.
Description :
The remote Windows host is running a version of Quicktime prior to
7.0.4.
The remote version of Quicktime is vulnerable to various buffer
overflows involving specially-crafted image and media files. An
attacker may be able to leverage these issues to execute arbitrary
code on the remote host by sending a malformed file to a victim and
have him open it using QuickTime player.
See also :
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041289.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041290.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041291.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041292.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041333.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041334.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041335.html
http://www.cirt.dk/advisories/cirt-41-advisory.pdf
http://lists.apple.com/archives/security-announce/2006/Jan/msg00001.html
http://docs.info.apple.com/article.html?artnum=303101
Solution :
Upgrade to Quicktime version 7.0.4 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
