CVE-2007-0059 - Remote Security vulnerability in QuickTime Player
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Cross-zone scripting vulnerability in Apple QuickTime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
Nessus
NASL family | Windows |
NASL id | QUICKTIME_715.NASL |
description | According to its version, the installation of QuickTime on the remote Windows host is affected by multiple buffer overflows. An attacker may be able to leverage these issues to crash the affected application or to execute arbitrary code on the remote host by sending a specially crafted file to a victim and having him open it using QuickTime. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24761 |
published | 2007-03-06 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24761 |
title | QuickTime < 7.1.5 Multiple Vulnerabilities (Windows) |
Statements
contributor | Ron Dumont |
lastmodified | 2007-03-19 |
organization | Apple |
statement | This issue is addressed in QuickTime 7.1.5, which was released on March 5. Information on the security fixes provided in QuickTime 7.1.5, and links to obtain the update are provided in: http://docs.info.apple.com/article.html?artnum=305149 |
References
- http://docs.info.apple.com/article.html?artnum=305149
- http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
- http://osvdb.org/31164
- http://projects.info-pull.com/moab/MOAB-03-01-2007.html
- http://www.gnucitizen.org/blog/backdooring-quicktime-movies/
- http://www.kb.cert.org/vuls/id/304064