CVE-2007-0059
Published Jan 5, 2007
Last updated 6 years ago
Overview
- Description
- Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Vendor comments
- AppleThis issue is addressed in QuickTime 7.1.5, which was released on March 5. Information on the security fixes provided in QuickTime 7.1.5, and links to obtain the update are provided in: http://docs.info.apple.com/article.html?artnum=305149
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B57D423B-5763-45AA-899F-09A553E962BD", "versionEndIncluding": "7.1.3" }, { "criteria": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8F310A8-F760-4059-987D-42369F360DE4" } ], "operator": "OR" } ] } ]