Lucene search

MitreCVE-2007-0059

HistoryJan 05, 2007 - 12:28 a.m.

CVE-2007-0059

2007-01-0500:28:00

mitre

web.nvd.nist.gov

cve-2007-0059

cross-zone scripting

apple quicktime

vulnerability

remote attackers

arbitrary code

filesystem contents

quicktime movie

href track

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

0.124

Percentile

95.4%

JSON

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.

Affected configurations

Nvd

Node

applequicktimeRange≤7.1.3

applequicktimeMatch3.0

VendorProductVersionCPE
applequicktime*cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*
applequicktime3.0cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	quicktime	*	cpe:2.3:a:apple:quicktime::::::::
apple	quicktime	3.0	cpe:2.3:a:apple:quicktime:3.0:::::::*

References

docs.info.apple.com/article.html?artnum=305149

lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html

osvdb.org/31164

projects.info-pull.com/moab/MOAB-03-01-2007.html

www.gnucitizen.org/blog/backdooring-quicktime-movies/

www.kb.cert.org/vuls/id/304064

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

0.124

Percentile

95.4%

JSON

Related for CVE-2007-0059