Vulnerabilities > CVE-2005-2753 - Numeric Errors vulnerability in Apple Quicktime

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
apple
CWE-189
nessus

Summary

Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_QUICKTIME703.NASL
    descriptionThe remote Mac OS X host is running a version of Quicktime 7 which is older than Quicktime 7.0.3. The remote version of this software is vulnerable to various buffer overflows which may allow an attacker to execute arbitrary code on the remote host by sending a malformed file to a victim and have him open it using QuickTime player.
    last seen2020-06-01
    modified2020-06-02
    plugin id20135
    published2005-11-04
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20135
    titleQuicktime < 7.0.3 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(20135);
     script_version ("1.18");
    
     script_cve_id("CVE-2005-2753", "CVE-2005-2754", "CVE-2005-2755", "CVE-2005-2756");
     script_bugtraq_id(15306, 15307, 15308, 15309);
    
     script_name(english:"Quicktime < 7.0.3 Multiple Vulnerabilities (Mac OS X)");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote version of QuickTime may allow an attacker to execute arbitrary
    code on the remote host." );
     script_set_attribute(attribute:"description", value:
    "The remote Mac OS X host is running a version of Quicktime 7 which is older
    than Quicktime 7.0.3.
    
    The remote version of this software is vulnerable to various buffer overflows 
    which may allow an attacker to execute arbitrary code on the remote host by
    sending a malformed file to a victim and have him open it using QuickTime 
    player." );
     script_set_attribute(attribute:"solution", value:
    "Install Quicktime 7.0.3 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     # http://web.archive.org/web/20060419122232/http://docs.info.apple.com/article.html?artnum=302772
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?49086446" );
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/11/04");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/11/03");
     script_set_attribute(attribute:"patch_publication_date", value: "2005/11/02");
     script_cvs_date("Date: 2018/07/14  1:59:35");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
    script_end_attributes();
    
     script_summary(english:"Check for Quicktime 7.0.3");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
     script_dependencies("macosx_Quicktime652.nasl");
     script_require_keys("MacOSX/QuickTime/Version");
     exit(0);
    }
    
    #
    
    ver = get_kb_item("MacOSX/QuickTime/Version");
    if (! ver ) exit(0);
    
    version = split(ver, sep:'.', keep:FALSE);
    if ( int(version[0]) == 7 && int(version[1]) == 0 && int(version[2]) < 3 ) security_warning(0);
    
  • NASL familyWindows
    NASL idQUICKTIME_PLAYER_OVERFLOW2.NASL
    descriptionThe remote Windows host is running a version of QuickTime that is older than QuickTime 7.0.3. The remote version of this software is reportedly vulnerable to various buffer overflows that may allow an attacker to execute arbitrary code on the remote host by sending a malformed file to a victim and have him open it using QuickTime player.
    last seen2020-06-01
    modified2020-06-02
    plugin id20136
    published2005-11-04
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20136
    titleQuickTime < 7.0.3 Multiple Vulnerabilities (Windows)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(20136);
     script_version ("1.14");
     script_cve_id("CVE-2005-2753", "CVE-2005-2754", "CVE-2005-2755", "CVE-2005-2756");
     script_bugtraq_id(15306, 15307, 15308, 15309);
    
     script_name(english:"QuickTime < 7.0.3 Multiple Vulnerabilities (Windows)");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote version of QuickTime may allow an attacker to execute
    arbitrary code on the remote host." );
     script_set_attribute(attribute:"description", value:
    "The remote Windows host is running a version of QuickTime that is
    older than QuickTime 7.0.3. 
    
    The remote version of this software is reportedly vulnerable to
    various buffer overflows that may allow an attacker to execute
    arbitrary code on the remote host by sending a malformed file to a
    victim and have him open it using QuickTime player." );
     script_set_attribute(attribute:"see_also", value:"https://support.apple.com/?artnum=302772" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to QuickTime 7.0.3 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/11/04");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/11/03");
     script_cvs_date("Date: 2018/11/15 20:50:28");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
    script_end_attributes();
    
     script_summary(english:"Check for QuickTime < 7.0.3");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
     script_family(english:"Windows");
     script_dependencies("quicktime_installed.nasl");
     script_require_keys("SMB/QuickTime/Version");
     exit(0);
    }
    
    
    ver = get_kb_item("SMB/QuickTime/Version");
    if (ver && ver =~ "^([0-6]\.|7\.0\.[0-2])") security_hole(get_kb_item("SMB/transport"));