Test ID: 1.3.6.1.4.1.25623.1.0.802133
Category: Buffer overflow
Title: Apple QuickTime Multiple Buffer Overflow Vulnerabilities - Windows
Summary: Apple QuickTime is prone to multiple buffer overflow vulnerabilities.
Description:
Summary:
Apple QuickTime is prone to multiple buffer overflow vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- a buffer overflow error when handling 'PICT' files.

- a heap buffer overflow error when handling 'GIF' images and 'STSC', 'STSS',
'STSZ' and 'STTS' atoms in QuickTime movie files.

- multiple stack buffer overflows in the handling of 'H.264' encoded
movie files.

- a stack buffer overflow in the QuickTime ActiveX control's handling
of 'QTL' files.

- an integer overflow in the handling of track run atoms in
QuickTime movie files.

- improper bounds checking when handling 'mp4v' codec information.

Vulnerability Impact:
Successful exploitation could allow attackers to execute arbitrary code in
the context of the currently logged-in user. Viewing a maliciously crafted
movie file may lead to an unexpected application termination.

Affected Software/OS:
Apple QuickTime versions prior to 7.7.

Solution:
Upgrade to Apple QuickTime version 7.7 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2011-0245
http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15755
Common Vulnerability Exposure (CVE) ID: CVE-2011-0246
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15681
Common Vulnerability Exposure (CVE) ID: CVE-2011-0247
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16186
Common Vulnerability Exposure (CVE) ID: CVE-2011-0248
Common Vulnerability Exposure (CVE) ID: CVE-2011-0249
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16089
Common Vulnerability Exposure (CVE) ID: CVE-2011-0250
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15885
Common Vulnerability Exposure (CVE) ID: CVE-2011-0251
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16143
Common Vulnerability Exposure (CVE) ID: CVE-2011-0252
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15884
Common Vulnerability Exposure (CVE) ID: CVE-2011-0256
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16097
Common Vulnerability Exposure (CVE) ID: CVE-2011-0257
http://www.exploit-db.com/exploits/17777
http://zerodayinitiative.com/advisories/ZDI-11-252/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16059
http://securityreason.com/securityalert/8365
Common Vulnerability Exposure (CVE) ID: CVE-2011-0258
Bugtraq: 20110831 ZDI-11-277: Apple QuickTime 3g2 'mp4v' atom size Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/519483/100/0/threaded
http://zerodayinitiative.com/advisories/ZDI-11-277/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15671
http://securityreason.com/securityalert/8368
XForce ISS Database: quicktime-mp4v-bo(69518)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69518
Copyright: Copyright (C) 2011 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.