|
|
CVE Reference: CVE-2007-5045 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-5045 |
|
|
Description: Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670. |
|
|
CVE Status: Candidate |
|
|
References: SUSE http://www.novell.com/linux/security/advisories/2007_57_mozilla.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1 SAID Secunia Advisory: SA26881 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5896 MISC http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-28.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/479179/100/0/threaded |
|
| Return to the previous page. |
