Test ID:	1.3.6.1.4.1.25623.1.0.90012
Category:	General
Title:	Apple Quicktime Player < 7.50.51 Multiple Vulnerabilities
Summary:	Apple Quicktime Player is prone to multiple vulnerabilities.
Description:	Summary: Apple Quicktime Player is prone to multiple vulnerabilities. Vulnerability Impact: Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Solution: Update to version 7.50.51 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2010 BugTraq ID: 28959 http://www.securityfocus.com/bid/28959 http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/ http://www.securitytracker.com/id?1019950 XForce ISS Database: quicktime-unspecifiedremote-code-execution(42098) https://exchange.xforce.ibmcloud.com/vulnerabilities/42098 Common Vulnerability Exposure (CVE) ID: CVE-2008-0234 http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html BugTraq ID: 27225 http://www.securityfocus.com/bid/27225 Bugtraq: 20080110 Buffer-overflow in Quicktime Player 7.3.1.70 (Google Search) http://www.securityfocus.com/archive/1/486091/100/0/threaded Bugtraq: 20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70 (Google Search) http://www.securityfocus.com/archive/1/486114/100/0/threaded http://www.securityfocus.com/archive/1/486174/100/0/threaded Bugtraq: 20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 (Google Search) http://www.securityfocus.com/archive/1/486161/100/0/threaded http://www.securityfocus.com/archive/1/486268/100/0/threaded http://www.securityfocus.com/archive/1/486241/100/0/threaded Bugtraq: 20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70 (Google Search) http://www.securityfocus.com/archive/1/486238/100/0/threaded CERT/CC vulnerability note: VU#112179 http://www.kb.cert.org/vuls/id/112179 https://www.exploit-db.com/exploits/4885 https://www.exploit-db.com/exploits/4906 http://www.securitytracker.com/id?1019178 http://secunia.com/advisories/28423 http://secunia.com/advisories/31034 http://securityreason.com/securityalert/3537 http://www.vupen.com/english/advisories/2008/0107 http://www.vupen.com/english/advisories/2008/2064/references XForce ISS Database: quicktime-rtsp-responses-bo(39601) https://exchange.xforce.ibmcloud.com/vulnerabilities/39601
Copyright	Copyright (C) 2008 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.