Vulnerability Details : CVE-2006-4965
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
Exploit prediction scoring system (EPSS) score for CVE-2006-4965
Probability of exploitation activity in the next 30 days: 1.98%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-4965
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2006-4965
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-4965
-
http://www.gnucitizen.org/blog/backdooring-mp3-files/
Exploit
- http://www.securityfocus.com/archive/1/479179/100/0/threaded
-
http://www.securityfocus.com/archive/1/446750/100/0/threaded
- http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox
- http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
-
http://www.kb.cert.org/vuls/id/751808
US Government Resource
-
http://www.securityfocus.com/bid/20138
Exploit
- http://docs.info.apple.com/article.html?artnum=305149
-
http://securityreason.com/securityalert/1631
-
http://www.vupen.com/english/advisories/2007/3155
-
http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up
-
http://www.securitytracker.com/id?1018687
-
http://www.securityfocus.com/archive/1/453756/100/0/threaded
Products affected by CVE-2006-4965
- cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*