Lucene search

[email protected]CVE-2007-0059

HistoryJan 05, 2007 - 12:28 a.m.

CVE-2007-0059

2007-01-0500:28:00

[email protected]

web.nvd.nist.gov

cve-2007-0059

cross-zone scripting

apple quicktime

vulnerability

remote attackers

arbitrary code

filesystem contents

quicktime movie

href track

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.124 Low

EPSS

Percentile

95.4%

JSON

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.

Affected configurations

NVD

Node

applequicktimeRange≤7.1.3

applequicktimeMatch3.0

CPENameOperatorVersion
apple:quicktimeapple quicktimele7.1.3
apple:quicktimeapple quicktimeeq3.0

CPE	Name	Operator	Version
apple:quicktime	apple quicktime	le	7.1.3
apple:quicktime	apple quicktime	eq	3.0

References

docs.info.apple.com/article.html?artnum=305149

lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html

osvdb.org/31164

projects.info-pull.com/moab/MOAB-03-01-2007.html

www.gnucitizen.org/blog/backdooring-quicktime-movies/

www.kb.cert.org/vuls/id/304064

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.124 Low

EPSS

Percentile

95.4%

JSON

Related for CVE-2007-0059

cert1 securityvulns1 cvelist1 nvd1 prion1 nessus1