VID |
50060 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
A version of QuickTime older than 7.7.4 is installed on the host. QuickTime versions prior to 7.7.4 are affected by multiple vulnerabilities.
- Buffer overflow vulnerabilities exist in the handling of 'dref' atoms, 'enof' atoms, 'mvhd' atoms, FPX files, MP3 files, H.263 and H.264 encoded movie files, Sorenson encoded movie files, and JPEG encoded data. (CVE-2013-0986, CVE-2013-0988, CVE-2013-0989, CVE-2013-1016, CVE-2013-1017, CVE-2013-1018, CVE-2013-1019, CVE-2013-1021, CVE-2013-1022)
- Memory corruption vulnerabilities exist in the handling of QTIF files, TeXML files, and JPEG encoded data. (CVE-2013-0987, CVE-2013-1015, CVE-2013-1020)
* Note: This check requires an account with administrative privileges that can log in to the host being scanned. If this condition is not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References: http://support.apple.com/kb/HT5770 http://lists.apple.com/archives/security-announce/2013/May/msg00001.html
* Platforms Affected: QuickTime versions prior to 7.7.4; Microsoft Windows, any version |
Recommendation |
Upgrade to the latest version of QuickTime Player (7.7.4 or later), available from the Apple Web site at http://www.apple.com/quicktime/ |
Related URL |
CVE-2013-0986,CVE-2013-0987,CVE-2013-0988,CVE-2013-0989,CVE-2013-1015,CVE-2013-1016,CVE-2013-1017,CVE-2013-1018,CVE-2013-1019,CVE-2013-1020 (CVE) |
Related URL |
60092,60097,60098,60099,60100,60101,60102,60103,60104,60108,60109,60110 (SecurityFocus) |