CVE-2007-5045

Apple QuickTime < 7.1.5 - Remote Code Execution via QuickTime Media Link File

Title source: llm
STIX 2.1

Description

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.

References (10)

Core 10
Core References
Issue Tracking x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=395942
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/479179/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5896
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3197
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26881
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

Scores

EPSS 0.0345
EPSS Percentile 87.6%

Details

CWE
CWE-94
Status published
Products (2)
apple/quicktime < 7.1.5
mozilla/firefox < 2.0.0.6
Published Sep 24, 2007
Tracked Since Feb 18, 2026