Executive Summary
Summary | |
---|---|
Title | Apple QuickTime remote command execution vulnerability |
Information | |||
---|---|---|---|
Name | VU#751808 | First vendor Publication | 2007-09-13 |
Vendor | VU-CERT | Last vendor Modification | 2007-10-04 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#751808
Apple QuickTime remote command execution vulnerability
Overview
Apple QuickTime contains a vulnerability that may allow an attacker to pass arbitrary commands to other applications.
I. Description
Apple QuickTime is a media player that is available for Microsoft Windows and Apple OS X. Apple QuickTime includes browser plugins for Internet Explorer, Safari, and Netscape-compatible browsers.
QuickTime includes the ability for developers to control how QuickTime movies are launched, what controls are displayed to the user, and other actions. To specify these parameters, developers can create QuickTime link (.qtl) files. QuickTime link files can be embedded in web pages and launched automatically when a user visits a website.
Restrict access to QuickTime Movies
Systems Affected
References
This vulnerability was disclosed by pdp on the GNUCITIZEN website. This document was written by Ryan Giobbi and Will Dormann.
Original Source
Url : http://www.kb.cert.org/vuls/id/751808 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
50 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5018527.nasl |
2009-01-28 | Name : SuSE Update for MozillaFirefox,mozilla,seamonkey SUSE-SA:2007:057 File : nvt/gb_suse_2007_057.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox28.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40434 | Apple Quicktime for Windows Crafted QTL File qtnext Field Remote Command Exec... |
29064 | Apple QuickTime Plug-In .qtl File qtnext Field XCS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apple QuickTime Movie link file URI security bypass attempt RuleID : 9430 - Revision : 14 - Type : FILE-MULTIMEDIA |
2014-01-10 | Apple QuickTime Movie link scripting security bypass attempt RuleID : 9429 - Revision : 9 - Type : FILE-MULTIMEDIA |
2014-01-10 | Apple Quicktime Plug-In Security Bypass RuleID : 17290 - Revision : 7 - Type : WEB-CLIENT |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-4570.nasl - Type : ACT_GATHER_INFO |
2007-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-4596.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-4594.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-4572.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-4574.nasl - Type : ACT_GATHER_INFO |
2007-10-04 | Name : The remote Windows host contains an application that allows remote code execu... File : quicktime_72_secupd.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3ce8c7e266cf11dcb25f02e0185f8d72.nasl - Type : ACT_GATHER_INFO |
2007-09-20 | Name : The remote Windows host contains a web browser that may allow arbitrary code ... File : mozilla_firefox_2007.nasl - Type : ACT_GATHER_INFO |
2007-03-06 | Name : The remote Windows host contains an application that is prone to multiple att... File : quicktime_715.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-05-11 12:26:43 |