Summary
Apple QuickTime is installed on the host and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code in the context of an affected application or cause a denial of service.
Impact Level: Application
Solution
Upgrade to Apple QuickTime version 7.6.4 or later: http://www.apple.com/quicktime/download/
Insight
- A memory corruption issue exists when handling 'H.264' movie files.
- An error in the parsing of 'MPEG-4' video files causes a buffer overflow.
- An integer overflow error when processing the 'SectorShift' and 'cSectFat' fields of a FlashPix file header. This can be exploited to cause a heap-based buffer overflow via a specially crafted FlashPix '.fpx' file.
- A boundary error exists when processing samples from an 'H.264' encoded MOV file. This can be exploited to cause a heap-based buffer overflow via a specially crafted 'MOV' file.
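The FlashPix item above names two header fields. FlashPix files use the OLE compound-file container, whose 512-byte header stores SectorShift (sector size = 1 << SectorShift) and cSectFat (number of FAT sectors). The following C sketch is an added example, not QuickTime's code and not part of the original advisory: it shows how a parser can validate both fields before sizing a buffer from them, next to a constructed 32-bit computation that wraps. The function names are hypothetical, and the wrapping form illustrates the bug class only.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Offsets inside the 512-byte compound-file header at the start of a .fpx file. */
#define CFB_HEADER_LEN   512u
#define OFF_SECTOR_SHIFT 30u   /* uint16 LE: sector size = 1 << SectorShift */
#define OFF_CSECT_FAT    44u   /* uint32 LE: number of FAT sectors */

static const uint8_t CFB_MAGIC[8] = {0xD0,0xCF,0x11,0xE0,0xA1,0xB1,0x1A,0xE1};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: returns 0 and stores the FAT size in bytes,
 * or -1 if the header must be rejected. */
int fat_bytes_checked(const uint8_t *buf, size_t len, uint64_t *out)
{
    if (buf == NULL || out == NULL || len < CFB_HEADER_LEN) return -1;
    if (memcmp(buf, CFB_MAGIC, sizeof CFB_MAGIC) != 0) return -1;

    uint16_t shift = rd16(buf + OFF_SECTOR_SHIFT);
    uint32_t csect = rd32(buf + OFF_CSECT_FAT);

    /* The container format defines only 512-byte (9) and 4096-byte (12) sectors. */
    if (shift != 9 && shift != 12) return -1;

    /* 64-bit product: a 32-bit count shifted by at most 12 bits cannot wrap. */
    uint64_t bytes = (uint64_t)csect << shift;

    /* Loose upper bound: the FAT cannot exceed the data after the header. */
    if (bytes > (uint64_t)len - CFB_HEADER_LEN) return -1;

    *out = bytes;
    return 0;
}

/* Constructed counter-example: the same size computed in 32 bits wraps
 * for large counts, so a buffer sized from it would be too small. */
uint32_t fat_bytes_unchecked32(uint32_t csect, uint16_t shift)
{
    return csect << (shift & 31);
}
```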
Affected
Apple QuickTime before 7.6.4 on Windows.
Severity
Classification
CVE: CVE-2009-2202, CVE-2009-2203, CVE-2009-2798, CVE-2009-2799
CVSS Base Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C