CVE Vulnerability

CVE-2007-0059

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://projects.info-pull.com/moab/MOAB-03-01-2007.html Exploit
http://www.gnucitizen.org/blog/backdooring-quicktime-movies/ Vendor Advisory
http://www.kb.cert.org/vuls/id/304064 US Government Resource
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
http://docs.info.apple.com/article.html?artnum=305149
http://osvdb.org/31164
Configurations

Configuration 1

cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*
Information

Published : 2007-01-05 12:28

Updated : 2018-10-30 04:25

NVD link : CVE-2007-0059

Mitre link : CVE-2007-0059

Products Affected
No products.
CWE
NVD-CWE-Other