|
|
CVE Reference: CVE-2006-4965 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-4965 |
|
|
Description: Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer. |
|
|
CVE Status: Candidate |
|
|
References: ST 1018687 SREASON http://securityreason.com/securityalert/1631 SAID Secunia Advisory: SA22048 Secunia Advisory: SA27414 MISC http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox http://www.gnucitizen.org/blog/backdooring-mp3-files/ http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up CONFIRM http://docs.info.apple.com/article.html?artnum=305149 CERT-VN 751808 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/479179/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/453756/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/446750/100/0/threaded BID 20138 APPLE http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html |
|
| Return to the previous page. |
