
Test ID: 1.3.6.1.4.1.25623.1.0.900121
Category: General
Title: Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
Summary: This host has Apple QuickTime installed, which is prone to multiple vulnerabilities.
Description:
Summary:
This host has Apple QuickTime installed, which is prone to multiple
vulnerabilities.

Vulnerability Insight:
The flaws exist due to:

- an uninitialized memory access in the Indeo v5 codec and lack of
proper bounds checking within QuickTimeInternetExtras.qtx file.

- improper handling of panorama atoms in QTVR movie files.

- improper handling of maxTilt, minFieldOfView and maxFieldOfView
parameters in panorama track PDAT atoms.

- an uninitialized memory access in the third-party Indeo v5 codec.

- an invalid pointer in handling of PICT images.

- memory corruption in handling of STSZ atoms in movie files within
CallComponentFunctionWithStorage() function.

- multiple memory corruption issues in H.264 encoded movie files.

- parsing of movie video files in QuickTimeH264.scalar and MP4 video
files in QuickTimeH264.qtx.

Vulnerability Impact:
Successful exploitation could allow remote attackers to gain
unauthorized access to execute arbitrary code and trigger a denial of service condition.

Affected Software/OS:
Apple QuickTime versions prior to 7.5.5 on Windows (all).

Solution:
Upgrade to version 7.5.5.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-references: BugTraq ID: 31086
Common Vulnerability Exposure (CVE) ID: CVE-2008-3615
http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html
http://www.securityfocus.com/bid/31086
Bugtraq: 20080915 Critical Vulnerability in Apple Quicktime's Indeo Codec (Google Search)
http://www.securityfocus.com/archive/1/496358/100/0/threaded
http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/
http://securitytracker.com/id?1020841
http://secunia.com/advisories/31821
http://www.vupen.com/english/advisories/2008/2527
Common Vulnerability Exposure (CVE) ID: CVE-2008-3635
Bugtraq: 20080909 ZDI-08-057: Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496201/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-057/
Common Vulnerability Exposure (CVE) ID: CVE-2008-3624
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16124
Common Vulnerability Exposure (CVE) ID: CVE-2008-3625
Bugtraq: 20080909 ZDI-08-058: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496161/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-058/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15935
Common Vulnerability Exposure (CVE) ID: CVE-2008-3614
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
Cert/CC Advisory: TA08-260A
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15851
http://www.securitytracker.com/id?1020879
http://secunia.com/advisories/31882
http://www.vupen.com/english/advisories/2008/2584
Common Vulnerability Exposure (CVE) ID: CVE-2008-3626
http://lists.apple.com/archives/security-announce/2008/Oct/msg00000.html
BugTraq ID: 31546
http://www.securityfocus.com/bid/31546
Bugtraq: 20080909 ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=122099929821288&w=2
http://www.zerodayinitiative.com/advisories/ZDI-08-059/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16152
http://secunia.com/advisories/32121
http://www.vupen.com/english/advisories/2008/2735
Common Vulnerability Exposure (CVE) ID: CVE-2008-3627
Bugtraq: 20080909 ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496163/100/0/threaded
Bugtraq: 20080909 ZDI-08-061: Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496175/100/0/threaded
Bugtraq: 20080909 ZDI-08-062: Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/496176/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-060/
http://www.zerodayinitiative.com/advisories/ZDI-08-061/
http://www.zerodayinitiative.com/advisories/ZDI-08-062/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16164
Common Vulnerability Exposure (CVE) ID: CVE-2008-3628
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15841
Common Vulnerability Exposure (CVE) ID: CVE-2008-3629
BugTraq ID: 31548
http://www.securityfocus.com/bid/31548
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16019
Copyright: Copyright (C) 2008 Greenbone Networks GmbH
