CVE-2005-1579 - Information Disclosure vulnerability in Apple Quicktime 7.0
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_QUICKTIME701.NASL |
description | The remote Mac OS X host is running a version of Quicktime 7 which is older than Quicktime 7.0.1. The remote version of this software is vulnerable to an information disclosure flaw when handling Quartz Composer files which may leak data to an arbitrary web location. To exploit this flaw, an attacker would need to lure a user on the remote host into viewing a specially crafted Quartz Composer object. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18521 |
published | 2005-06-17 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18521 |
title | Quicktime < 7.0.1 Quartz Composer Information Disclosure (Mac OS X) |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0265.html
- http://docs.info.apple.com/article.html?artnum=301714
- http://lists.apple.com/archives/quartzcomposer-dev/2005/May/msg00250.html
- http://lists.apple.com/archives/quartzcomposer-dev/2005/May/msg00263.html
- http://lists.apple.com/archives/security-announce/2005/May/msg00006.html
- http://remahl.se/david/vuln/018
- http://secunia.com/advisories/15307
- http://securitytracker.com/id?1013961
- http://www.osvdb.org/16376
- http://www.securityfocus.com/bid/13603
- http://www.vupen.com/english/advisories/2005/0531