
Test ID: 1.3.6.1.4.1.25623.1.0.800102
Category: General
Title: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Windows)
Summary: Apple QuickTime is installed on the host and is prone to multiple arbitrary code execution vulnerabilities.
Description:
Summary:
Apple QuickTime is installed on the host and is prone to
multiple arbitrary code execution vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- a boundary error when parsing packed scanlines from a PixData
structure in a PICT file, which can be exploited via a specially crafted
PICT file.

- a memory corruption issue in the handling of AAC-encoded media content,
which can be exploited via a specially crafted media file.

- an error in the handling of PICT files or Indeo video codec content, which
can be exploited via a specially crafted PICT file or a movie file with
Indeo video codec content, respectively.

- an error in the handling of file URLs, which can be exploited by getting a
user to play maliciously crafted QuickTime content.

Vulnerability Impact:
Successful exploitation allows attackers to execute arbitrary
code or cause unexpected application termination.

Affected Software/OS:
Apple QuickTime before 7.5 on Windows (Any).

Solution:
Upgrade to Apple QuickTime version 7.5 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 29619
Common Vulnerability Exposure (CVE) ID: CVE-2008-1581
http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html
http://www.securityfocus.com/bid/29619
BugTraq ID: 29649
http://www.securityfocus.com/bid/29649
Bugtraq: 20080610 Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow
http://www.securityfocus.com/archive/1/493225/100/0/threaded
Cert/CC Advisory: TA08-162C
http://www.us-cert.gov/cas/techalerts/TA08-162C.html
http://secunia.com/secunia_research/2008-9/advisory/
http://www.securitytracker.com/id?1020213
http://secunia.com/advisories/29293
http://www.vupen.com/english/advisories/2008/1776/references
XForce ISS Database: quicktime-pixdata-bo(42943)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42943
Common Vulnerability Exposure (CVE) ID: CVE-2008-1582
BugTraq ID: 29654
http://www.securityfocus.com/bid/29654
http://www.securitytracker.com/id?1020214
XForce ISS Database: quicktime-aacencoded-code-execution(42944)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42944
Common Vulnerability Exposure (CVE) ID: CVE-2008-1583
BugTraq ID: 29648
http://www.securityfocus.com/bid/29648
http://www.securitytracker.com/id?1020215
XForce ISS Database: apple-quicktime-pict-image-bo(42945)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42945
Common Vulnerability Exposure (CVE) ID: CVE-2008-1584
BugTraq ID: 29652
http://www.securityfocus.com/bid/29652
Bugtraq: 20080610 ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/493247/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-037/
http://www.securitytracker.com/id?1020216
XForce ISS Database: quicktime-indeo-video-bo(42947)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42947
Common Vulnerability Exposure (CVE) ID: CVE-2008-1585
http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html
BugTraq ID: 29650
http://www.securityfocus.com/bid/29650
Bugtraq: 20080610 ZDI-08-038: QuickTime SMIL qtnext Redirect File Execution
http://www.securityfocus.com/archive/1/493248/100/0/threaded
CERT/CC vulnerability note: VU#132419
http://www.kb.cert.org/vuls/id/132419
http://www.zerodayinitiative.com/advisories/ZDI-08-038/
http://www.securitytracker.com/id?1020217
http://secunia.com/advisories/31034
http://www.vupen.com/english/advisories/2008/2064/references
XForce ISS Database: quicktime-quicktime-content-code-execution(42948)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42948
Copyright: Copyright (C) 2008 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.