Vulnerability Note VU#751808
Apple QuickTime remote command execution vulnerability
Apple QuickTime contains a vulnerability that may allow an attacker to pass arbitrary commands to other applications.
Apple QuickTime is a media player that is available for Microsoft Windows and Apple OS X. Apple QuickTime includes browser plugins for Internet Explorer, Safari, and Netscape-compatible browsers.
QuickTime includes the ability for developers to control how QuickTime movies are launched, what controls are displayed to the user, and other actions. To specify these parameters, developers can create QuickTime link (.qtl) files. QuickTime link files can be embedded in web pages and launched automatically when a user visits a website.
By convincing a user to open a specially crafted QuickTime file, a remote, unauthenticated attacker may be able to execute arbitrary commands on a vulnerable system.
Restrict access to QuickTime Movies
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer, Inc. | Affected | 12 Sep 2007 | 04 Oct 2007 |
| Mozilla | Affected | 12 Sep 2007 | 20 Sep 2007 |
CVSS Metrics
This vulnerability was disclosed by pdp on the GNUCITIZEN website.
This document was written by Ryan Giobbi and Will Dormann.
- CVE IDs: CVE-2007-4673
- Date Public: 12 Sep 2007
- Date First Published: 13 Sep 2007
- Date Last Updated: 04 Oct 2007
- Severity Metric: 35.11
- Document Revision: 51