CVE-2006-4965 - OpenCVE

Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Quicktime

Configuration 1 [-]

cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=305149
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
http://secunia.com/advisories/22048
http://secunia.com/advisories/27414
http://securityreason.com/securityalert/1631
http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox
http://www.gnucitizen.org/blog/backdooring-mp3-files/
http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up
http://www.kb.cert.org/vuls/id/751808
http://www.securityfocus.com/archive/1/446750/100/0/threaded
http://www.securityfocus.com/archive/1/453756/100/0/threaded
http://www.securityfocus.com/archive/1/479179/100/0/threaded
http://www.securityfocus.com/bid/20138
http://www.securitytracker.com/id?1018687
http://www.vupen.com/english/advisories/2007/3155

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-25T00:00:00

Updated: 2024-08-07T19:32:22.652Z

Reserved: 2006-09-24T00:00:00

Link: CVE-2006-4965

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-09-25T00:07:00.000

Modified: 2018-10-17T21:40:34.497

Link: CVE-2006-4965

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-20T00:00:00", "descriptions": [{"lang": "en", "value": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1631", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1631"}, {"name": "VU#751808", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/751808"}, {"name": "27414", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27414"}, {"name": "20070912 0DAY: QuickTime pwns Firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"}, {"name": "1018687", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018687"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"}, {"name": "20061207 New MySpace worm could be on its way", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"}, {"name": "APPLE-SA-2007-03-05", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"}, {"name": "ADV-2007-3155", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3155"}, {"name": "20138", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20138"}, {"name": "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=305149"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"}, {"name": "22048", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22048"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4965", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1631", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1631"}, {"name": "VU#751808", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/751808"}, {"name": "27414", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27414"}, {"name": "20070912 0DAY: QuickTime pwns Firefox", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"}, {"name": "1018687", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018687"}, {"name": "http://www.gnucitizen.org/blog/backdooring-mp3-files/", "refsource": "MISC", "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"}, {"name": "20061207 New MySpace worm could be on its way", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"}, {"name": "APPLE-SA-2007-03-05", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"}, {"name": "ADV-2007-3155", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3155"}, {"name": "20138", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20138"}, {"name": "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"}, {"name": "http://docs.info.apple.com/article.html?artnum=305149", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=305149"}, {"name": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox", "refsource": "MISC", "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"}, {"name": "22048", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22048"}, {"name": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up", "refsource": "MISC", "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:32:22.652Z"}, "title": "CVE Program Container", "references": [{"name": "1631", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1631"}, {"name": "VU#751808", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/751808"}, {"name": "27414", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27414"}, {"name": "20070912 0DAY: QuickTime pwns Firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"}, {"name": "1018687", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018687"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"}, {"name": "20061207 New MySpace worm could be on its way", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"}, {"name": "APPLE-SA-2007-03-05", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"}, {"name": "ADV-2007-3155", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3155"}, {"name": "20138", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20138"}, {"name": "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=305149"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"}, {"name": "22048", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22048"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4965", "datePublished": "2006-09-25T00:00:00", "dateReserved": "2006-09-24T00:00:00", "dateUpdated": "2024-08-07T19:32:22.652Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "952A8015-B18B-481C-AC17-60F0D7EEE085", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer."}, {"lang": "es", "value": "Apple QuickTime 7.1.3 Player y sus plug-ins permiten a un atacante remoto ejecutar c\u00f3digo JavaScript de su elecci\u00f3n y posiblemente llevar a cabo otros ataques mediante un archivo QuickTime Media Link (QTL) con un elemento XML embebido y un par\u00e1metro qtnext que identifica recursos fuera del dominio original. NOTA: a fecha del 12-09-2007, este problema fue demostrado utilizando instancias de Components.interfaces.nsILocalFile y Components.interfaces.nsIProcess para ejecutar archivos locales de su elecci\u00f3n en Firefox y posiblemente Internet Explorer."}], "id": "CVE-2006-4965", "lastModified": "2018-10-17T21:40:34.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-09-25T00:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=305149"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/22048"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27414"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1631"}, {"source": "cve@mitre.org", "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"}, {"source": "cve@mitre.org", "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/751808"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/20138"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018687"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3155"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}