Summary
The host is installed with Apple QuickTime and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code in the context of an affected application, and can cause Denial of Service.
Impact Level: Application
Solution
Upgrade to Apple QuickTime version 7.6.4 or later, http://www.apple.com/quicktime/download/
Insight
- A memory corruption issue exists when handling 'H.264' movie files.
- An error in the parsing of 'MPEG-4' video files which causes buffer overflow.
- An integer overflow error when processing the 'SectorShift' and 'cSectFat' fields of a FlashPix file header. This can be exploited to cause a heap-based buffer overflow via a specially crafted FlashPix '.fpx' file.
- A boundary error exists when processing samples from a 'H.264' encoded MOV file. This can be exploited to cause a heap-based buffer overflow via a specially crafted 'MOV' file.
Affected
Apple QuickTime before 7.6.4 on Windows.
References
Severity
Classification
-
CVE CVE-2009-2202, CVE-2009-2203, CVE-2009-2798, CVE-2009-2799 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
- Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
- Adobe Flash Player Multiple Vulnerabilities - Mar09 (Win)
- Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Windows)