Lucene search

[email protected]CVE-2006-4965

HistorySep 25, 2006 - 12:07 a.m.

CVE-2006-4965

2006-09-2500:07:00

CWE-94

[email protected]

web.nvd.nist.gov

apple

quicktime

remote attack

arbitrary code execution

javascript

qtl file

security vulnerability

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.02 Low

EPSS

Percentile

88.6%

JSON

Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.

CPENameOperatorVersion
apple:quicktimeapple quicktimeeq7.1.3

CPE	Name	Operator	Version
apple:quicktime	apple quicktime	eq	7.1.3

References

docs.info.apple.com/article.html?artnum=305149

lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html

secunia.com/advisories/22048

secunia.com/advisories/27414

securityreason.com/securityalert/1631

www.gnucitizen.org/blog/0day-quicktime-pwns-firefox

www.gnucitizen.org/blog/backdooring-mp3-files/

www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up

www.kb.cert.org/vuls/id/751808

www.securityfocus.com/archive/1/446750/100/0/threaded

www.securityfocus.com/archive/1/453756/100/0/threaded

www.securityfocus.com/archive/1/479179/100/0/threaded

www.securityfocus.com/bid/20138

www.securitytracker.com/id?1018687

www.vupen.com/english/advisories/2007/3155

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.02 Low

EPSS

Percentile

88.6%

JSON

Related for CVE-2006-4965

openvas5 mozilla1 nessus8 freebsd1 checkpoint_advisories1 cve2 ubuntucve1 prion2 suse1