Summary
The host is installed with Apple QuickTime and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via crafted files.
Impact Level: System/Application
Solution
Upgrade to QuickTime Player version 7.7.1 or later, For updates refer to http://www.apple.com/quicktime/download/
Insight
The flaws are due to
- A integer overflow while handling the PICT files and JPEG2000 encoded movie files.
- A signedness issue existed in the handling of font tables embedded in QuickTime movie files.
- A buffer overflow issue while handling FLIC files, FlashPix files and FLC and RLE encoded movie files.
- A memory corruption issue, while handling of TKHD atoms in QuickTime movie files.
Affected
QuickTime Player version prior to 7.7.1
References
Severity
Classification
-
CVE CVE-2011-3218, CVE-2011-3219, CVE-2011-3220, CVE-2011-3221, CVE-2011-3222, CVE-2011-3223, CVE-2011-3228, CVE-2011-3247, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3251, CVE-2011-3428 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- CA eTrust SCM Multiple HTTP Gateway Service Vulnerabilities
- Adobe Flash Media Server Multiple Denial of Service Vulnerabilities
- Epson EventManager 'x-protocol-version' Denial of Service Vulnerability
- Avast! Zoo Denial of Service Vulnerability
- freeSSHd SFTP 'rename' and 'realpath' Remote DoS Vulnerability