Vulnerabilities > CVE-2004-0926 - Multiple Security vulnerability in Apple Mac OS X

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

easy-software-products

apple

critical

nessus

NVD

Published: 2005-01-27

Updated: 2008-09-05

Summary

Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.

Vulnerable Configurations

Part	Description	Count
Application	Easy_Software_Products Easy Software Products Cups 1.0.4 Easy Software Products Cups 1.0.4_8 Easy Software Products Cups 1.1.1 Easy Software Products Cups 1.1.4 Easy Software Products Cups 1.1.4_2 Easy Software Products Cups 1.1.4_3 Easy Software Products Cups 1.1.4_5 Easy Software Products Cups 1.1.6 Easy Software Products Cups 1.1.7 Easy Software Products Cups 1.1.10 Easy Software Products Cups 1.1.12 Easy Software Products Cups 1.1.13 Easy Software Products Cups 1.1.14 Easy Software Products Cups 1.1.15 Easy Software Products Cups 1.1.16 Easy Software Products Cups 1.1.17 Easy Software Products Cups 1.1.18 Easy Software Products Cups 1.1.19 Easy Software Products Cups 1.1.19_Rc5 Easy Software Products Cups 1.1.20 Easy Software Products Cups 1.1.21	21
OS	Apple Apple MAC OS X 10.2 Apple MAC OS X 10.2.1 Apple MAC OS X 10.2.2 Apple MAC OS X 10.2.3 Apple MAC OS X 10.2.4 Apple MAC OS X 10.2.5 Apple MAC OS X 10.2.6 Apple MAC OS X 10.2.7 Apple MAC OS X 10.2.8 Apple MAC OS X 10.3 Apple MAC OS X 10.3.1 Apple MAC OS X 10.3.2 Apple MAC OS X 10.3.3 Apple MAC OS X 10.3.4 Apple MAC OS X 10.3.5 Apple MAC OS X Server 10.2 Apple MAC OS X Server 10.2.1 Apple MAC OS X Server 10.2.2 Apple MAC OS X Server 10.2.3 Apple MAC OS X Server 10.2.4 Apple MAC OS X Server 10.2.5 Apple MAC OS X Server 10.2.6 Apple MAC OS X Server 10.2.7 Apple MAC OS X Server 10.2.8 Apple MAC OS X Server 10.3 Apple MAC OS X Server 10.3.1 Apple MAC OS X Server 10.3.2 Apple MAC OS X Server 10.3.3 Apple MAC OS X Server 10.3.4 Apple MAC OS X Server 10.3.5	30

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD20040930.NASL
description	The remote host is missing Security Update 2004-09-30. This security update contains a number of fixes for the following programs : - AFP Server - CUPS - NetInfoManager - postfix - QuickTime - ServerAdmin These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	15420
published	2004-10-04
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15420
title	Mac OS X Multiple Vulnerabilities (Security Update 2004-09-30)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_QUICKTIME652.NASL
description	The remote Mac OS X host is running a version of Quicktime that is older than Quicktime 6.5.2. The remote version of this software reportedly fails to check bounds properly when decoding BMP images, leading to a heap overflow. If a remote attacker can trick a user into opening a maliciously crafted BMP file using the affected application, this issue could be leveraged to execute arbitrary code on the affected host.
last seen	2020-03-18
modified	2004-10-27
plugin id	15573
published	2004-10-27
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15573
title	Quicktime < 6.5.2

Summary

Vulnerable Configurations

Nessus

References