Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2007-0059
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-05 Jan, 2007 | 00:28
Updated At-30 Oct, 2018 | 16:25

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

Apple Inc.
apple
>>quicktime>>Versions up to 7.1.3(inclusive)
cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>quicktime>>3.0
cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

Organization : Apple
Last Modified : 2007-03-19T00:00:00

This issue is addressed in QuickTime 7.1.5, which was released on March 5. Information on the security fixes provided in QuickTime 7.1.5, and links to obtain the update are provided in: http://docs.info.apple.com/article.html?artnum=305149

References
HyperlinkSourceResource
http://docs.info.apple.com/article.html?artnum=305149cve@mitre.org
N/A
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.htmlcve@mitre.org
N/A
http://osvdb.org/31164cve@mitre.org
N/A
http://projects.info-pull.com/moab/MOAB-03-01-2007.htmlcve@mitre.org
Exploit
http://www.gnucitizen.org/blog/backdooring-quicktime-movies/cve@mitre.org
Vendor Advisory
http://www.kb.cert.org/vuls/id/304064cve@mitre.org
US Government Resource
Hyperlink: http://docs.info.apple.com/article.html?artnum=305149
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/31164
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://projects.info-pull.com/moab/MOAB-03-01-2007.html
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.gnucitizen.org/blog/backdooring-quicktime-movies/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/304064
Source: cve@mitre.org
Resource:
US Government Resource
Change History
0Changes found

Details not found