CVE-2006-4965

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4965. PoCs published by LMH.

AI-analyzed exploit summary This exploit leverages a vulnerability in Apple QuickTime's handling of .qtl files to execute arbitrary script code. It sets up a fake FTP and HTTP server to serve malicious files that trigger the execution of a VBScript payload, ultimately launching calc.exe as a proof of concept.

Description

Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.

Exploits (1)

exploitdb WORKING POC VERIFIED

by LMH · rubyremotelinux

https://www.exploit-db.com/exploits/28639

View Code ZIP pw:eip

This exploit leverages a vulnerability in Apple QuickTime's handling of .qtl files to execute arbitrary script code. It sets up a fake FTP and HTTP server to serve malicious files that trigger the execution of a VBScript payload, ultimately launching calc.exe as a proof of concept.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apple QuickTime 7.1.3

No auth needed

Prerequisites: Victim must open a malicious .qtl file · Attacker must host malicious files on a server

MITRE ATT&CK