Description
Cross-zone scripting vulnerability in Apple QuickTime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
Exploits (1)
References (6)
Core References
http://www.kb.cert.org/vuls/id/304064 (US Government Resource, third-party-advisory, x_refsource_cert-vn)
http://osvdb.org/31164 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_osvdb)
http://www.gnucitizen.org/blog/backdooring-quicktime-movies/ (Vendor Advisory, x_refsource_misc)
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html (Mailing List, vendor-advisory, x_refsource_apple)
http://projects.info-pull.com/moab/MOAB-03-01-2007.html (Exploit, x_refsource_misc)
http://docs.info.apple.com/article.html?artnum=305149 (Vendor Advisory, x_refsource_confirm)
Scores
EPSS: 0.2579
EPSS Percentile: 96.3%
Details
Status: published
Products (2):
apple/quicktime 3.0
apple/quicktime < 7.1.3
Published: Jan 05, 2007
Tracked Since: Feb 18, 2026