7.7.2より前のQuickTimeの複数の脆弱性(Windows)
high Nessus プラグイン ID 59113
言語:
概要
リモート Windows ホストに、複数の脆弱性の影響を受けることがあるアプリケーションが、含まれています。説明
リモート Windows ホストにインストールされている QuickTime が 7.7.2 より前のバージョンであり、そのために以下の脆弱性の影響を受けることがあります。- An uninitialized memory access issue exists in the handling of MP4 encoded files. (CVE-2011-3458)
- An off-by-one buffer overflow exists in the handling of rdrf atoms in QuickTime movie files. (CVE-2011-3459)
- A stack-based buffer overflow exists in the QuickTime plugin's handling of PNG files. (CVE-2011-3460)
- A stack-based buffer overflow exists in QuickTime's handling of file paths. (CVE-2012-0265)
- A buffer overflow exists in the handling of audio sample tables. (CVE-2012-0658)
- An integer overflow exists in the handling of MPEG files. (CVE-2012-0659)
- An integer underflow exists in QuickTime's handling of audio streams in MPEG files. (CVE-2012-0660)
- A use-after-free issue exists in the handling of JPEG2000 encoded movie files. (CVE-2012-0661)
- Multiple stack overflows exist in QuickTime's handling of TeXML files. (CVE-2012-0663)
- A heap overflow exists in QuickTime's handling of text tracks. (CVE-2012-0664)
- A heap overflow exists in the handling of H.264 encoded movie files. (CVE-2012-0665)
- A stack-based buffer overflow exists in the QuickTime plugin's handling of QTMovie objects. (CVE-2012-0666)
- A signedness issue exists in the handling of QTVR movie files. (CVE-2012-0667)
- A buffer overflow exists in QuickTime's handling of Sorenson encoded movie files. (CVE-2012-0669)
- An integer overflow exists in QuickTime's handling of sean atoms. (CVE-2012-0670)
- A memory corruption issue exists in the handling of .pict files. (CVE-2012-0671)
ソリューション
QuickTime 7.7.2以降にアップグレードしてください。関連情報
https://www.zerodayinitiative.com/advisories/ZDI-12-075/
https://www.zerodayinitiative.com/advisories/ZDI-12-076/
https://www.zerodayinitiative.com/advisories/ZDI-12-077/
https://www.zerodayinitiative.com/advisories/ZDI-12-078/
https://www.zerodayinitiative.com/advisories/ZDI-12-095/
http://www.zerodayinitiative.com/advisories/ZDI-12-103/
https://www.zerodayinitiative.com/advisories/ZDI-12-105/
https://www.zerodayinitiative.com/advisories/ZDI-12-107/
https://www.zerodayinitiative.com/advisories/ZDI-12-108/
https://www.zerodayinitiative.com/advisories/ZDI-12-109/
https://www.zerodayinitiative.com/advisories/ZDI-12-125/
http://www.zerodayinitiative.com/advisories/ZDI-12-130/
https://www.zerodayinitiative.com/advisories/ZDI-12-153/
https://www.securityfocus.com/archive/1/523524/30/0/threaded
https://support.apple.com/en-us/HT202472
https://lists.apple.com/archives/security-announce/2012/May/msg00005.html
プラグインの詳細
深刻度: High
ID: 59113
ファイル名: quicktime_772.nasl
バージョン: 1.26
タイプ: local
エージェント: windows
ファミリー: Windows
公開日: 2012/5/16
更新日: 2018/11/15
サポートされているセンサー: Nessus Agent
リスク情報
VPR
リスクファクター: Critical
スコア: 9.0
CVSS v2
リスクファクター: High
Base Score: 9.3
Temporal Score: 8.1
ベクトル: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
脆弱性情報
CPE: cpe:/a:apple:quicktime
必要な KB アイテム: SMB/QuickTime/Version
エクスプロイトが利用可能: true
エクスプロイトの容易さ: Exploits are available
パッチ公開日: 2012/5/15
脆弱性公開日: 2012/5/15
エクスプロイト可能
Core Impact
Metasploit (Apple QuickTime TeXML Style Element Stack Buffer Overflow)
参照情報
CVE: CVE-2011-3458, CVE-2011-3459, CVE-2011-3460, CVE-2012-0265, CVE-2012-0658, CVE-2012-0659, CVE-2012-0660, CVE-2012-0661, CVE-2012-0663, CVE-2012-0664, CVE-2012-0665, CVE-2012-0666, CVE-2012-0667, CVE-2012-0668, CVE-2012-0669, CVE-2012-0670, CVE-2012-0671
BID: 53465, 53467, 53469, 53571, 53574, 53576, 53577, 53578, 53579, 53580, 53582, 53583, 53584