Test ID: 1.3.6.1.4.1.25623.1.0.803047
Category: General
Title: Apple QuickTime Multiple Vulnerabilities - Nov12 (Windows)
Summary: This host is installed with Apple QuickTime and is prone to multiple vulnerabilities.
Description:
Summary:
This host is installed with Apple QuickTime and is prone to
multiple vulnerabilities.

Vulnerability Insight:
- Multiple boundary errors exist when handling a PICT file, a Targa file,
the transform attribute of 'text3GTrack' elements and the 'rnet' box within an MP4 file.

- Use-after-free errors exist when handling '_qtactivex_' parameters within
an HTML object and the 'Clear()' method.

Vulnerability Impact:
Successful exploitation will allow attackers to execute arbitrary code or
cause a buffer overflow condition.

Affected Software/OS:
QuickTime Player versions prior to 7.7.3 on Windows.

Solution:
Upgrade to QuickTime Player version 7.7.3 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
BugTraq ID: 56438
Common Vulnerability Exposure (CVE) ID: CVE-2011-1374
http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15782
http://secunia.com/advisories/51226
Common Vulnerability Exposure (CVE) ID: CVE-2012-3757
http://technet.microsoft.com/en-us/security/msvr/msvr12-021
http://osvdb.org/87092
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16167
XForce ISS Database: apple-quicktime-pict-ce(79896)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79896
Common Vulnerability Exposure (CVE) ID: CVE-2012-3751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16166
XForce ISS Database: apple-quicktime-qtactivex-code-exec(79897)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79897
Common Vulnerability Exposure (CVE) ID: CVE-2012-3758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15951
XForce ISS Database: quicktime-text3gtrack-bo(79898)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79898
Common Vulnerability Exposure (CVE) ID: CVE-2012-3752
BugTraq ID: 56557
http://www.securityfocus.com/bid/56557
http://packetstormsecurity.com/files/118359/Apple-QuickTime-7.7.2-TeXML-Style-Element-font-table-Field-Stack-Buffer-Overflow.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16121
XForce ISS Database: quicktime-texml-file-bo(79899)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79899
Common Vulnerability Exposure (CVE) ID: CVE-2012-3753
http://packetstormsecurity.com/files/118421/Apple-QuickTime-7.7.2-MIME-Type-Buffer-Overflow.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15947
XForce ISS Database: apple-quicktime-mime-bo(79900)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79900
Common Vulnerability Exposure (CVE) ID: CVE-2012-3754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15986
XForce ISS Database: apple-quicktime-clear-code-exec(79901)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79901
Common Vulnerability Exposure (CVE) ID: CVE-2012-3755
BugTraq ID: 56551
http://www.securityfocus.com/bid/56551
http://packetstormsecurity.org/files/118231/Apple-QuickTime-7.7.2-Buffer-Overflow.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16002
XForce ISS Database: apple-quicktime-targa-bo(79902)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79902
Common Vulnerability Exposure (CVE) ID: CVE-2012-3756
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
http://osvdb.org/87091
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16065
XForce ISS Database: quicktime-rnet-bo(79903)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79903
Copyright: Copyright (C) 2012 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.