| Vulnerability Name: | CVE-2006-4965 (CCN-35178) |
| Assigned: | 2006-06-20 |
| Published: | 2006-06-20 |
| Updated: | 2018-10-17 |
| Summary: | Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. Note: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer. |
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N) |
| | 4.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:U/RC:UR) |
| | 4.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:U/RC:UR) |
| Vulnerability Type: | CWE-94 |
| Vulnerability Consequences: | Bypass Security |
| References: | Source: CCN Type: BugTraq Mailing List, Wed Sep 20 2006 - 16:49:41 CDT Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting) |
| | Source: CCN Type: BugTraq Mailing List, Wed Dec 06 2006 - 21:29:38 CST New MySpace worm could be on its way |
| | Source: CCN Type: BugTraq Mailing List, Wed Sep 12 2007 - 07:13:00 CDT 0DAY: QuickTime pwns Firefox |
| | Source: MITRE Type: CNA CVE-2006-4965 |
| | Source: MITRE Type: CNA CVE-2007-5045 |
| | Source: CCN Type: Apple Web site About the security content of QuickTime 7.1.5 |
| | Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=305149 |
| | Source: APPLE Type: UNKNOWN APPLE-SA-2007-03-05 |
| | Source: CCN Type: SA22048 Apple QuickTime "qtnext" Input Validation Vulnerability |
| | Source: SECUNIA Type: Exploit, Vendor Advisory 22048 |
| | Source: CCN Type: SA26881 Firefox "-chrome" Parameter Security Issue |
| | Source: SECUNIA Type: Vendor Advisory 27414 |
| | Source: SREASON Type: UNKNOWN 1631 |
| | Source: CCN Type: SECTRACK ID: 1018687 QuickTime `qtnext` Parameter Lets Remote Users Execute Arbitrary Commands |
| | Source: CCN Type: ASA-2008-008 Multiple Security Vulnerabilities in Firefox and Thunderbird for Solaris 10 May Allow Execution of Arbitrary Code and Access to Unauthorized Data (Sun 103177) |
| | Source: MISC Type: UNKNOWN http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox |
| | Source: MISC Type: Exploit http://www.gnucitizen.org/blog/backdooring-mp3-files/ |
| | Source: MISC Type: UNKNOWN http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up |
| | Source: CCN Type: US-CERT VU#751808 Apple QuickTime remote command execution vulnerability |
| | Source: CERT-VN Type: US Government Resource VU#751808 |
| | Source: CCN Type: MFSA 2007-28 Code execution via QuickTime Media-link files |
| | Source: CCN Type: OSVDB ID: 29064 Apple QuickTime Plug-In .qtl File qtnext Field XCS |
| | Source: CCN Type: OSVDB ID: 40434 Apple Quicktime for Windows Crafted QTL File qtnext Field Remote Command Execution |
| | Source: BUGTRAQ Type: UNKNOWN 20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting) |
| | Source: BUGTRAQ Type: UNKNOWN 20061207 New MySpace worm could be on its way |
| | Source: BUGTRAQ Type: UNKNOWN 20070912 0DAY: QuickTime pwns Firefox |
| | Source: BID Type: Exploit 20138 |
| | Source: CCN Type: BID-20138 Apple QuickTime Plug-In Arbitrary Script Execution Weakness |
| | Source: SECTRACK Type: UNKNOWN 1018687 |
| | Source: VUPEN Type: UNKNOWN ADV-2007-3155 |
| | Source: XF Type: UNKNOWN quicktime-qtl-security-bypass(35178) |
| | Source: SUSE Type: SUSE-SA:2007:057 Mozilla Security Update |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |