Test ID:	1.3.6.1.4.1.25623.1.0.802133
Category:	Buffer overflow
Title:	Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)
Summary:	The host is running Apple QuickTime and is prone to multiple buffer; overflow vulnerabilities.
Description:	Summary: The host is running Apple QuickTime and is prone to multiple buffer overflow vulnerabilities. Vulnerability Insight: The flaws are due to - a buffer overflow error, when handling pict files. - heap buffer overflow error, when handling 'GIF' images and 'STSC', 'STSS', 'STSZ' and 'STTS' atoms in QuickTime movie files. - multiple stack buffer overflows existed in the handling of 'H.264' encoded movie files. - stack buffer overflow existed in the QuickTime ActiveX control's handling of 'QTL' files. - an integer overflow existed in the handling of track run atoms in QuickTime movie files. - improper bounds checking when handling 'mp4v' codec information. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code in the context of the currently logged-in user. Viewing a maliciously crafted movie file may lead to an unexpected application termination. Affected Software/OS: Apple QuickTime version prior to 7.7. Solution: Upgrade to Apple QuickTime version 7.7 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	BugTraq ID: 49028 BugTraq ID: 49029 BugTraq ID: 49030 BugTraq ID: 49031 BugTraq ID: 49144 BugTraq ID: 49396 Common Vulnerability Exposure (CVE) ID: CVE-2011-0245 http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15755 Common Vulnerability Exposure (CVE) ID: CVE-2011-0246 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15681 Common Vulnerability Exposure (CVE) ID: CVE-2011-0247 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16186 Common Vulnerability Exposure (CVE) ID: CVE-2011-0248 Common Vulnerability Exposure (CVE) ID: CVE-2011-0249 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16089 Common Vulnerability Exposure (CVE) ID: CVE-2011-0250 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15885 Common Vulnerability Exposure (CVE) ID: CVE-2011-0251 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16143 Common Vulnerability Exposure (CVE) ID: CVE-2011-0252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15884 Common Vulnerability Exposure (CVE) ID: CVE-2011-0256 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16097 Common Vulnerability Exposure (CVE) ID: CVE-2011-0257 http://www.exploit-db.com/exploits/17777 http://zerodayinitiative.com/advisories/ZDI-11-252/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16059 http://securityreason.com/securityalert/8365 Common Vulnerability Exposure (CVE) ID: CVE-2011-0258 Bugtraq: 20110831 ZDI-11-277: Apple QuickTime 3g2 'mp4v' atom size Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/519483/100/0/threaded http://zerodayinitiative.com/advisories/ZDI-11-277/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15671 http://securityreason.com/securityalert/8368 XForce ISS Database: quicktime-mp4v-bo(69518) https://exchange.xforce.ibmcloud.com/vulnerabilities/69518
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.