Description
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.
References (5)
Core 5
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25913
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=306560
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/40434
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/Security-announce/2007/Oct/msg00000.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36937
Scores
EPSS
0.0241
EPSS Percentile
82.0%
Details
CWE
CWE-78
Status
published
Products (1)
apple/quicktime
7.2 (2 CPE variants)
Published
Oct 04, 2007
Tracked Since
Feb 18, 2026