Vulnerabilities > CVE-2007-2389 - Information Disclosure vulnerability in Apple Quicktime 7.1.6

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
NONE
Availability impact
NONE
network
apple
microsoft
nessus

Summary

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.

Nessus

  • NASL familyWindows
    NASL idQUICKTIME_716_SECUPD.NASL
    descriptionThe version of QuickTime installed on the remote Windows host is less than 7.1.6.200, the version associated with Apple
    last seen2020-06-01
    modified2020-06-02
    plugin id25347
    published2007-05-30
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25347
    titleQuickTime < 7.1.6 Security Update (Windows)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25347);
      script_version("1.12");
    
      script_cve_id("CVE-2007-2388", "CVE-2007-2389");
      script_bugtraq_id(24221, 24222);
    
      script_name(english:"QuickTime < 7.1.6 Security Update (Windows)");
      script_summary(english:"Checks version of QuickTime on Windows");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains an application that is affected by
    multiple issues." );
     script_set_attribute(attribute:"description", value:
    "The version of QuickTime installed on the remote Windows host is less
    than 7.1.6.200, the version associated with Apple's Security Update
    (QuickTime 7.1.6).  As a result, a remote attacker who can trick a
    user on the affected system into opening a malicious Java applet using
    QuickTime may be able to execute arbitrary code remotely subject to
    the user's privileges or to gain read access to the web browser's
    memory." );
     script_set_attribute(attribute:"see_also", value:"https://support.apple.com/?artnum=305531" );
     script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2007/May/msg00005.html" );
     script_set_attribute(attribute:"solution", value:
    "Either use QuickTime's Software Update preference to upgrade to the
    latest version or apply Apple's Security Update (QuickTime 7.1.6) or
    later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_cwe_id(264);
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/05/30");
     script_set_attribute(attribute:"vuln_publication_date", value: "2007/05/29");
     script_cvs_date("Date: 2018/11/15 20:50:28");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
    script_end_attributes();
    
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
     
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
    
      script_dependencies("quicktime_installed.nasl");
      script_require_keys("SMB/QuickTime/Version");
    
      exit(0);
    }
    
    
    ver = get_kb_item("SMB/QuickTime/Version");
    if (isnull(ver)) exit(0);
    
    iver = split(ver, sep:'.', keep:FALSE);
    for (i=0; i<max_index(iver); i++)
      iver[i] = int(iver[i]);
    
    if (
      iver[0] < 7 ||
      (
        iver[0] == 7 &&
        (
          iver[1] < 1 ||
          (
            iver[1] == 1 &&
            (
              iver[2] < 6 ||
              (iver[2] == 6 && iver[3] < 200)
            )
          )
        )
      )
    ) 
    {
      report = string(
        "Version ", ver, " of QuickTime is currently installed\n",
        "on the remote host.\n"
      );
      security_hole(port:get_kb_item("SMB/transport"), extra:report);
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_QUICKTIME716_SECUPD.NASL
    descriptionAccording to its version, the installation of Quicktime on the remote Mac OS X host that contains a bug which might allow a rogue Java program to write anywhere in the heap. An attacker may be able to leverage these issues to execute arbitrary code on the remote host by luring a victim into visiting a rogue page containing a malicious Java applet.
    last seen2020-06-01
    modified2020-06-02
    plugin id25346
    published2007-05-30
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25346
    titleQuicktime Multiple Vulnerabilities (Mac OS X 7.1.6 Security Update)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(25346);
     script_version ("1.13");
    
     script_cve_id("CVE-2007-2388", "CVE-2007-2389");
     script_bugtraq_id(24221, 24222);
    
     script_name(english:"Quicktime Multiple Vulnerabilities (Mac OS X 7.1.6 Security Update)");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains an application that is prone to
    multiple attacks." );
     script_set_attribute(attribute:"description", value:
    "According to its version, the installation of Quicktime on the remote
    Mac OS X host that contains a bug which might allow a rogue Java 
    program to write anywhere in the heap.
    
    An attacker may be able to leverage these issues to execute arbitrary 
    code on the remote host by luring a victim into visiting a rogue page
    containing a malicious Java applet." );
     # http://web.archive.org/web/20070714134644/http://docs.info.apple.com/article.html?artnum=305531
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3f11b9bd" );
     script_set_attribute(attribute:"solution", value:
    "Install the Quicktime 7.1.6 Security Update." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_cwe_id(264);
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/05/30");
     script_set_attribute(attribute:"vuln_publication_date", value: "2007/05/29");
     script_set_attribute(attribute:"patch_publication_date", value: "2007/05/19");
     script_cvs_date("Date: 2018/07/14  1:59:35");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
    script_end_attributes();
    
     script_summary(english:"Check for Quicktime 7.1.6 Security Update");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
     script_dependencies("macosx_Quicktime652.nasl");
     script_require_keys("MacOSX/QuickTime/Version");
     exit(0);
    }
    
    #
    
    ver = get_kb_item("MacOSX/QuickTime/Version");
    if (! ver ) exit(0);
    
    packages = get_kb_item("Host/MacOSX/packages");
    if ( ! packages ) exit(0);
    
    
    
    version = split(ver, sep:'.', keep:FALSE);
    if ( (int(version[0]) == 7 && int(version[1]) == 1 && int(version[2]) == 6) )
    {
     if ( ! egrep(pattern:"^SecUpdQuickTime716\.pkg", string:packages) )
    	security_hole(0);
    }
    
  • NASL familyWindows
    NASL idQUICKTIME_72.NASL
    descriptionThe version of QuickTime installed on the remote Windows host is older than 7.2. Such versions contain several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host if he can trick the user to open a specially crafted file with QuickTime.
    last seen2020-06-01
    modified2020-06-02
    plugin id25703
    published2007-07-12
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25703
    titleQuickTime < 7.2 Multiple Vulnerabilities (Windows)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25703);
      script_version("1.18");
    
      script_cve_id("CVE-2007-2295", "CVE-2007-2296", "CVE-2007-2388", "CVE-2007-2389",
                    "CVE-2007-2393", "CVE-2007-2396", "CVE-2007-2397", "CVE-2007-2402"
      );
      script_bugtraq_id(23650, 23652, 24221, 24222, 24873);
    
      script_name(english:"QuickTime < 7.2 Multiple Vulnerabilities (Windows)");
      script_summary(english:"Checks version of QuickTime on Windows");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains an application that is affected by
    multiple issues." );
     script_set_attribute(attribute:"description", value:
    "The version of QuickTime installed on the remote Windows host is older
    than 7.2.  Such versions contain several vulnerabilities that may
    allow an attacker to execute arbitrary code on the remote host if he
    can trick the user to open a specially crafted file with QuickTime." );
     script_set_attribute(attribute:"see_also", value:"http://seclists.org/fulldisclosure/2007/Jul/243" );
     script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=305947" );
     script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2007/Jul/msg00001.html" );
     script_set_attribute(attribute:"solution", value:
    "Either use QuickTime's Software Update preference to upgrade to the
    latest version or manually upgrade to QuickTime 7.2 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_cwe_id(119, 189, 200, 264);
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/07/12");
     script_set_attribute(attribute:"vuln_publication_date", value: "2007/04/25");
     script_cvs_date("Date: 2018/07/25 18:58:06");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
    script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
      script_dependencies("quicktime_installed.nasl");
      script_require_keys("SMB/QuickTime/Version");
      exit(0);
    }
    
    #
    
    ver = get_kb_item("SMB/QuickTime/Version");
    if (isnull(ver)) exit(0);
    
    iver = split(ver, sep:'.', keep:FALSE);
    for (i=0; i<max_index(iver); i++)
      iver[i] = int(iver[i]);
    
    if (iver[0] < 7 || (iver[0] == 7 && iver[1] < 2)) 
    {
      report = string(
        "Version ", ver, " of QuickTime is currently installed\n",
        "on the remote host.\n"
      );
      security_hole(port:get_kb_item("SMB/transport"), extra:report);
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_QUICKTIME72.NASL
    descriptionThe version of QuickTime installed on the remote Mac OS X host is older than 7.2. Such versions contain several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host if he can trick the user to open a specially crafted file with QuickTime.
    last seen2020-06-01
    modified2020-06-02
    plugin id25704
    published2007-07-12
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25704
    titleQuickTime < 7.2 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25704);
      script_version("1.20");
    
      script_cve_id("CVE-2007-2295", "CVE-2007-2296", "CVE-2007-2388", "CVE-2007-2389", "CVE-2007-2392",
                    "CVE-2007-2393", "CVE-2007-2394", "CVE-2007-2396", "CVE-2007-2397", "CVE-2007-2402");
      script_bugtraq_id(23650, 23652, 24221, 24222, 24873);
    
      script_name(english:"QuickTime < 7.2 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of QuickTime on Mac OS X");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains an application that is affected by
    multiple issues." );
     script_set_attribute(attribute:"description", value:
    "The version of QuickTime installed on the remote Mac OS X host is older
    than 7.2.  Such versions contain several vulnerabilities that may
    allow an attacker to execute arbitrary code on the remote host if he
    can trick the user to open a specially crafted file with QuickTime." );
     script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=305947" );
     script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2007/Jul/msg00001.html" );
     script_set_attribute(attribute:"see_also", value:"http://seclists.org/fulldisclosure/2007/Jul/243" );
     script_set_attribute(attribute:"solution", value:
    "Either use QuickTime's Software Update preference to upgrade to the
    latest version or manually upgrade to QuickTime 7.2 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_cwe_id(119, 189, 200, 264);
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/07/12");
     script_set_attribute(attribute:"vuln_publication_date", value: "2007/04/25");
     script_cvs_date("Date: 2018/07/14  1:59:35");
     script_set_attribute(attribute:"patch_publication_date", value: "2007/07/11");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
     script_end_attributes();
    
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
      script_dependencies("macosx_Quicktime652.nasl");
      script_require_keys("MacOSX/QuickTime/Version");
      exit(0);
    }
    
    #
    
    ver = get_kb_item("MacOSX/QuickTime/Version");
    if (! ver ) exit(0);
    
    version = split(ver, sep:'.', keep:FALSE);
    if ( (int(version[0]) < 7) ||
         (int(version[0]) == 7 && int(version[1]) < 2 ) ) security_hole(0);