Lucene search

[email protected]NVD:CVE-2007-0059

HistoryJan 05, 2007 - 12:28 a.m.

CVE-2007-0059

2007-01-0500:28:00

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

0.124

Percentile

95.4%

JSON

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.

Affected configurations

Nvd

Node

applequicktimeRange≤7.1.3

applequicktimeMatch3.0

VendorProductVersionCPE
applequicktime*cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*
applequicktime3.0cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	quicktime	*	cpe:2.3:a:apple:quicktime::::::::
apple	quicktime	3.0	cpe:2.3:a:apple:quicktime:3.0:::::::*

References

docs.info.apple.com/article.html?artnum=305149

lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html

osvdb.org/31164

projects.info-pull.com/moab/MOAB-03-01-2007.html

www.gnucitizen.org/blog/backdooring-quicktime-movies/

www.kb.cert.org/vuls/id/304064

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

0.124

Percentile

95.4%

JSON

Related for NVD:CVE-2007-0059

cvelist1 exploitdb1 securityvulns1 cert1 prion1 cve1 nessus1