CVE-2006-4965
CVE-2006-4965 is a vulnerability of currently unknown severity. Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer. EPSS estimates a 12.38% chance of exploitation in the next 30 days.
Description
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | Quicktime | 7.1.3 |
References
- http://secunia.com/advisories/22048 (Exploit, Vendor Advisory)
- http://secunia.com/advisories/27414 (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/751808 (US Government Resource)
Source: NVD / NIST
