Vulnerability-Lookup

CVE-2006-4965 (GCVE-0-2006-4965)

Vulnerability from cvelistv5 – Published: 2006-09-25 04:00 – Updated: 2024-08-07 19:32

Summary

Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://securityreason.com/securityalert/1631	third-party-advisoryx_refsource_SREASON
	http://www.kb.cert.org/vuls/id/751808	third-party-advisoryx_refsource_CERT-VN
	http://secunia.com/advisories/27414	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/479179/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1018687	vdb-entryx_refsource_SECTRACK
	http://www.gnucitizen.org/blog/backdooring-mp3-files/	x_refsource_MISC
	http://www.securityfocus.com/archive/1/453756/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.apple.com/archives/Security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.vupen.com/english/advisories/2007/3155	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/20138	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/446750/100…	mailing-listx_refsource_BUGTRAQ
	http://docs.info.apple.com/article.html?artnum=305149	x_refsource_CONFIRM
	http://www.gnucitizen.org/blog/0day-quicktime-pwn…	x_refsource_MISC
	http://secunia.com/advisories/22048	third-party-advisoryx_refsource_SECUNIA
	http://www.gnucitizen.org/blog/myspace-quicktime-…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:32:22.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1631"
          },
          {
            "name": "VU#751808",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/751808"
          },
          {
            "name": "27414",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27414"
          },
          {
            "name": "20070912 0DAY: QuickTime pwns Firefox",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"
          },
          {
            "name": "1018687",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018687"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"
          },
          {
            "name": "20061207 New MySpace worm could be on its way",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2007-03-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
          },
          {
            "name": "ADV-2007-3155",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3155"
          },
          {
            "name": "20138",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20138"
          },
          {
            "name": "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=305149"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"
          },
          {
            "name": "22048",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22048"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-20T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain.  NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1631"
        },
        {
          "name": "VU#751808",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/751808"
        },
        {
          "name": "27414",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27414"
        },
        {
          "name": "20070912 0DAY: QuickTime pwns Firefox",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"
        },
        {
          "name": "1018687",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018687"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"
        },
        {
          "name": "20061207 New MySpace worm could be on its way",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"
        },
        {
          "name": "APPLE-SA-2007-03-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
        },
        {
          "name": "ADV-2007-3155",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3155"
        },
        {
          "name": "20138",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20138"
        },
        {
          "name": "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=305149"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"
        },
        {
          "name": "22048",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22048"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4965",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain.  NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1631",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1631"
            },
            {
              "name": "VU#751808",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/751808"
            },
            {
              "name": "27414",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27414"
            },
            {
              "name": "20070912 0DAY: QuickTime pwns Firefox",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"
            },
            {
              "name": "1018687",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018687"
            },
            {
              "name": "http://www.gnucitizen.org/blog/backdooring-mp3-files/",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"
            },
            {
              "name": "20061207 New MySpace worm could be on its way",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"
            },
            {
              "name": "APPLE-SA-2007-03-05",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
            },
            {
              "name": "ADV-2007-3155",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3155"
            },
            {
              "name": "20138",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20138"
            },
            {
              "name": "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305149",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=305149"
            },
            {
              "name": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"
            },
            {
              "name": "22048",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22048"
            },
            {
              "name": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4965",
    "datePublished": "2006-09-25T04:00:00.000Z",
    "dateReserved": "2006-09-24T04:00:00.000Z",
    "dateUpdated": "2024-08-07T19:32:22.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-112

Vulnerability from certfr_avis - Published: 2007-03-07 - Updated: 2007-03-07

Plusieurs vulnérabilités ont été identifiées dans le logiciel Apple QuickTime. Elles permettraient à une personne malveillante qui les exploiteraient de perturber l'application, voire d'exécuter des commandes arbitraires sur le système ayant une version vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le lecteur multimedia Apple QuickTime. Elles concernent une mauvaise manipulation de fichiers aux formats suivants :

3rd Generation Partnership Project (extensions de fichier : .3gp ou .3g2). Il s'agit d'un format de vidéos compressées prévues pour être diffusées sur les réseaux mobiles dits de troisième génération (3G).
MIDI, ou Musical Instrument Digital Interface (extension .smf). Il s'agit d'un format destiné intialement à faire communiquer les instruments électroniques.
Quicktime (extension : .mov). Il s'agit d'un format permettant de regrouper plusieurs types de données (texte, video ou audio par exemple).
PICT (extension : .pct). Il s'agit d'un format vectoriel interne au fonctionnement de Macintosh.
QTIF, ou Quicktime Image File Format (extension : .qif). Il s'agit d'un format permettant de regrouper plusieurs images compressées.

Ces vulnérabilités permettraient à une personne malveillante qui les exploiteraient de perturber l'application, voire d'exécuter des commandes arbitraires sur le système ayant une version vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions de QuickTime antérieures à 7.1.5, pour Apple Mac OS ou Microsoft Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité 305149 du 06 mars 2007	None	vendor-advisory
Bulletin de sécurité iDefense du 05 mars 2007 :	-	other
Bulletin de sécurité Apple du 06 mars 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes versions de QuickTime ant\u00e9rieures \u00e0 7.1.5, pour Apple Mac  OS ou Microsoft Windows.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le lecteur multimedia\nApple QuickTime. Elles concernent une mauvaise manipulation de fichiers\naux formats suivants :\n\n-   3rd Generation Partnership Project (extensions de fichier : .3gp ou\n    .3g2). Il s\u0027agit d\u0027un format de vid\u00e9os compress\u00e9es pr\u00e9vues pour \u00eatre\n    diffus\u00e9es sur les r\u00e9seaux mobiles dits de troisi\u00e8me g\u00e9n\u00e9ration (3G).\n-   MIDI, ou Musical Instrument Digital Interface (extension .smf). Il\n    s\u0027agit d\u0027un format destin\u00e9 intialement \u00e0 faire communiquer les\n    instruments \u00e9lectroniques.\n-   Quicktime (extension : .mov). Il s\u0027agit d\u0027un format permettant de\n    regrouper plusieurs types de donn\u00e9es (texte, video ou audio par\n    exemple).\n-   PICT (extension : .pct). Il s\u0027agit d\u0027un format vectoriel interne au\n    fonctionnement de Macintosh.\n-   QTIF, ou Quicktime Image File Format (extension : .qif). Il s\u0027agit\n    d\u0027un format permettant de regrouper plusieurs images compress\u00e9es.\n\nCes vuln\u00e9rabilit\u00e9s permettraient \u00e0 une personne malveillante qui les\nexploiteraient de perturber l\u0027application, voire d\u0027ex\u00e9cuter des\ncommandes arbitraires sur le syst\u00e8me ayant une version vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4965"
    },
    {
      "name": "CVE-2007-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0714"
    },
    {
      "name": "CVE-2007-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0718"
    },
    {
      "name": "CVE-2007-0712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0712"
    },
    {
      "name": "CVE-2007-0716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0716"
    },
    {
      "name": "CVE-2007-0711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0711"
    },
    {
      "name": "CVE-2007-0717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0717"
    },
    {
      "name": "CVE-2007-0713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0713"
    },
    {
      "name": "CVE-2007-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0715"
    }
  ],
  "initial_release_date": "2007-03-07T00:00:00",
  "last_revision_date": "2007-03-07T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDefense du 05 mars 2007 :",
      "url": "http://www.idefense.com/application/poi/display?id=486"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 06 mars 2007 :",
      "url": "http://docs.info.apple.com/article.html?artnum=305149"
    }
  ],
  "reference": "CERTA-2007-AVI-112",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-03-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le logiciel Apple\nQuickTime. Elles permettraient \u00e0 une personne malveillante qui les\nexploiteraient de perturber l\u0027application, voire d\u0027ex\u00e9cuter des\ncommandes arbitraires sur le syst\u00e8me ayant une version vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 305149 du 06 mars 2007",
      "url": null
    }
  ]
}

FKIE_CVE-2006-4965

Vulnerability from fkie_nvd - Published: 2006-09-25 00:07 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=305149
cve@mitre.org	http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
cve@mitre.org	http://secunia.com/advisories/22048	Exploit, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27414	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/1631
cve@mitre.org	http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox
cve@mitre.org	http://www.gnucitizen.org/blog/backdooring-mp3-files/	Exploit
cve@mitre.org	http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up
cve@mitre.org	http://www.kb.cert.org/vuls/id/751808	US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/446750/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/453756/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/479179/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/20138	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1018687
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3155
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=305149
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22048	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27414	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/1631
af854a3a-2127-422b-91ae-364da2661108	http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox
af854a3a-2127-422b-91ae-364da2661108	http://www.gnucitizen.org/blog/backdooring-mp3-files/	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/751808	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/446750/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/453756/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/479179/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20138	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018687
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3155

Impacted products

	Vendor	Product	Version
	apple	quicktime	7.1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "952A8015-B18B-481C-AC17-60F0D7EEE085",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain.  NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer."
    },
    {
      "lang": "es",
      "value": "Apple QuickTime 7.1.3 Player y sus plug-ins permiten a un atacante remoto ejecutar c\u00f3digo JavaScript de su elecci\u00f3n y posiblemente llevar a cabo otros ataques mediante un archivo QuickTime Media Link (QTL) con un elemento XML embebido y un par\u00e1metro qtnext que identifica recursos fuera del dominio original. NOTA: a fecha del 12-09-2007, este problema fue demostrado utilizando instancias de Components.interfaces.nsILocalFile y Components.interfaces.nsIProcess para ejecutar archivos locales de su elecci\u00f3n en Firefox y posiblemente Internet Explorer."
    }
  ],
  "id": "CVE-2006-4965",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-25T00:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=305149"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22048"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27414"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1631"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/751808"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20138"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018687"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=305149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/751808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3155"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8X7F-X5PJ-6MMH

Vulnerability from github – Published: 2022-05-01 07:23 – Updated: 2025-04-03 04:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-4965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-09-25T00:07:00Z",
    "severity": "MODERATE"
  },
  "details": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain.  NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.",
  "id": "GHSA-8x7f-x5pj-6mmh",
  "modified": "2025-04-03T04:41:11Z",
  "published": "2022-05-01T07:23:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4965"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=305149"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22048"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27414"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/1631"
    },
    {
      "type": "WEB",
      "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"
    },
    {
      "type": "WEB",
      "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files"
    },
    {
      "type": "WEB",
      "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/751808"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20138"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018687"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3155"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2006-4965

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-4965

Aliases

CVE-2006-4965

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-4965",
    "description": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain.  NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.",
    "id": "GSD-2006-4965"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-4965"
      ],
      "details": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain.  NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.",
      "id": "GSD-2006-4965",
      "modified": "2023-12-13T01:19:52.001494Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-4965",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain.  NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1631",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/1631"
          },
          {
            "name": "VU#751808",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/751808"
          },
          {
            "name": "27414",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27414"
          },
          {
            "name": "20070912 0DAY: QuickTime pwns Firefox",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"
          },
          {
            "name": "1018687",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018687"
          },
          {
            "name": "http://www.gnucitizen.org/blog/backdooring-mp3-files/",
            "refsource": "MISC",
            "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"
          },
          {
            "name": "20061207 New MySpace worm could be on its way",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2007-03-05",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
          },
          {
            "name": "ADV-2007-3155",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3155"
          },
          {
            "name": "20138",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20138"
          },
          {
            "name": "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=305149",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=305149"
          },
          {
            "name": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox",
            "refsource": "MISC",
            "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"
          },
          {
            "name": "22048",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22048"
          },
          {
            "name": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up",
            "refsource": "MISC",
            "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4965"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain.  NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.gnucitizen.org/blog/backdooring-mp3-files/",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"
            },
            {
              "name": "20138",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/20138"
            },
            {
              "name": "22048",
              "refsource": "SECUNIA",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22048"
            },
            {
              "name": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"
            },
            {
              "name": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305149",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=305149"
            },
            {
              "name": "APPLE-SA-2007-03-05",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html"
            },
            {
              "name": "VU#751808",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/751808"
            },
            {
              "name": "1018687",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018687"
            },
            {
              "name": "27414",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27414"
            },
            {
              "name": "1631",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/1631"
            },
            {
              "name": "ADV-2007-3155",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3155"
            },
            {
              "name": "20070912 0DAY: QuickTime pwns Firefox",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"
            },
            {
              "name": "20061207 New MySpace worm could be on its way",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"
            },
            {
              "name": "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-17T21:40Z",
      "publishedDate": "2006-09-25T00:07Z"
    }
  }
}

CERTA-2007-ALE-014

Vulnerability from certfr_alerte - Published: 2007-09-13 - Updated: 2007-10-12

Une vulnérabilité touchant Apple QuickTime permet à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité a été identifiée dans Apple QuickTime. Ce lecteur multimédia permet à une personne de spécifier un média à lire après l'exécution du média courant (option QTNEXT d'un fichier multimédia). Cette fonctionnalité peut cependant être détournée pour exécuter du code Javascript, et donc du code arbitraire sur le poste de l'utilisateur. L'interpréteur Javascript utilisé est le navigateur Internet par défaut de l'utilisateur.

Des codes de démonstration sont disponibles sur l'Internet et fonctionnent si Mozilla Firefox est le navigateur par défaut, sur Microsoft Windows. Les autres systèmes d'exploitation ne semblent pas concernés mais le navigateur Netscape Navigator, basé sur le même moteur de rendu que Firefox, est aussi vulnérable.

Pour résumer, les problèmes rencontrés sont :

QuickTime n'offre pas la possibilité de bloquer le Javascript ;
QuickTime associé à un navigateur comme Mozilla Firefox ne respecte pas la politique du navigateur liée au Javascript.

Il est important de noter que l'utilisation d'un navigateur alternatif ne contourne pas le problème si Mozilla Firefox est défini comme navigateur par défaut.

Contournements provisoires

Quelques contournements sont envisageables :

- ouvrir la fenêtre about:config ;
- filtrer les options en tapant protocol ;
- mettre l'option network.protocol-handler.external.javascript à la valeur true.
Ceci n'empêche pas l'exploitation mais avertit l'utilisateur lorsqu'une application externe appelle l'interpréteur Javascript de Firefox.
l'utilisation d'une extension telle que NoScript peut bloquer l'exécution de code si l'option Forbid scripts globally est activée.
définir un navigateur alternatif non basé sur le moteur de rendu Gecko comme navigateur par défaut. Des tests internes au CERTA ont montré que Seamonkey 1.1.4 ne semble pas vulnérable mais il convient de rester prudent.

Le meilleur contournement à la date de rédaction de cette alerte consiste à désinstaller complètement l'application QuickTime dans l'attente d'un correctif d'Apple et/ou Mozilla.

Solution

L'éditeur Mozilla a publié un correctif pour le navigateur Firefox (version 2.0.0.7) qui empêche l'exécution de scripts arbitraires via une ligne de commande avec le paramètre -chrome.

Apple a également publié un correctif (7.2.0.245) pour Quicktime. (cf. section Documentation).

Apple QuickTime 7.2 et versions antérieures sur Microsoft Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Entrée sur le bloc-notes Mozilla du 12 septembre 2007 : /	-	other
Bulletin de sécurité Mozilla MFSA 2007-28 du 18 septembre 2007 :	-	other
Avis du CERTA CERTA-2007-AVI-407 du 19 septembre 2007 :	-	other
Bulletin de sécurité Apple 306560 du 03 octobre 2007 :	-	other
Rapport de bogue #395942 de Mozilla :	-	other
Bulletin d'actualité CERTA-2007-ACT-037 - « Vulnérabilité sur Quicktime et Firefox » :	-	other
Bulletin d'actualité CERTA-2007-ACT-011 - « Le Javascript est omniprésent » :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple QuickTime 7.2 et versions ant\u00e9rieures sur Microsoft  Windows.\u003c/P\u003e",
  "closed_at": "2007-10-12",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Apple QuickTime. Ce lecteur\nmultim\u00e9dia permet \u00e0 une personne de sp\u00e9cifier un m\u00e9dia \u00e0 lire apr\u00e8s\nl\u0027ex\u00e9cution du m\u00e9dia courant (option QTNEXT d\u0027un fichier multim\u00e9dia).\nCette fonctionnalit\u00e9 peut cependant \u00eatre d\u00e9tourn\u00e9e pour ex\u00e9cuter du code\nJavascript, et donc du code arbitraire sur le poste de l\u0027utilisateur.\nL\u0027interpr\u00e9teur Javascript utilis\u00e9 est le navigateur Internet par d\u00e9faut\nde l\u0027utilisateur.\n\nDes codes de d\u00e9monstration sont disponibles sur l\u0027Internet et\nfonctionnent si Mozilla Firefox est le navigateur par d\u00e9faut, sur\nMicrosoft Windows. Les autres syst\u00e8mes d\u0027exploitation ne semblent pas\nconcern\u00e9s mais le navigateur Netscape Navigator, bas\u00e9 sur le m\u00eame moteur\nde rendu que Firefox, est aussi vuln\u00e9rable.\n\nPour r\u00e9sumer, les probl\u00e8mes rencontr\u00e9s sont :\n\n-   QuickTime n\u0027offre pas la possibilit\u00e9 de bloquer le Javascript ;\n-   QuickTime associ\u00e9 \u00e0 un navigateur comme Mozilla Firefox ne respecte\n    pas la politique du navigateur li\u00e9e au Javascript.\n\nIl est important de noter que l\u0027utilisation d\u0027un navigateur alternatif\nne contourne pas le probl\u00e8me si Mozilla Firefox est d\u00e9fini comme\nnavigateur par d\u00e9faut.\n\n## Contournements provisoires\n\nQuelques contournements sont envisageables :\n\n1.  -   ouvrir la fen\u00eatre about:config ;\n    -   filtrer les options en tapant protocol ;\n    -   mettre l\u0027option network.protocol-handler.external.javascript \u00e0\n        la valeur true.\n\n    Ceci n\u0027emp\u00eache pas l\u0027exploitation mais avertit l\u0027utilisateur\n    lorsqu\u0027une application externe appelle l\u0027interpr\u00e9teur Javascript de\n    Firefox.\n\n2.  l\u0027utilisation d\u0027une extension telle que NoScript peut bloquer\n    l\u0027ex\u00e9cution de code si l\u0027option Forbid scripts globally est activ\u00e9e.\n\n3.  d\u00e9finir un navigateur alternatif non bas\u00e9 sur le moteur de rendu\n    Gecko comme navigateur par d\u00e9faut. Des tests internes au CERTA ont\n    montr\u00e9 que Seamonkey 1.1.4 ne semble pas vuln\u00e9rable mais il convient\n    de rester prudent.\n\nLe meilleur contournement \u00e0 la date de r\u00e9daction de cette alerte\nconsiste \u00e0 d\u00e9sinstaller compl\u00e8tement l\u0027application QuickTime dans\nl\u0027attente d\u0027un correctif d\u0027Apple et/ou Mozilla.\n\n## Solution\n\nL\u0027\u00e9diteur Mozilla a publi\u00e9 un correctif pour le navigateur Firefox\n(version 2.0.0.7) qui emp\u00eache l\u0027ex\u00e9cution de scripts arbitraires via une\nligne de commande avec le param\u00e8tre -chrome.\n\nApple a \u00e9galement publi\u00e9 un correctif (7.2.0.245) pour Quicktime. (cf.\nsection Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4965"
    },
    {
      "name": "CVE-2007-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4673"
    }
  ],
  "initial_release_date": "2007-09-13T00:00:00",
  "last_revision_date": "2007-10-12T00:00:00",
  "links": [
    {
      "title": "Entr\u00e9e sur le bloc-notes Mozilla du 12 septembre 2007 :      /",
      "url": "http://blog.mozilla.com/security/2007/09/12/quicktime-to-firefox-issue"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA 2007-28 du 18 septembre    2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-28.html"
    },
    {
      "title": "Avis du CERTA CERTA-2007-AVI-407 du 19 septembre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-407/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 306560 du 03 octobre 2007 :",
      "url": "http://docs.info.apple.com/article.html?artnum=306560"
    },
    {
      "title": "Rapport de bogue #395942 de Mozilla :",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=395942"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERTA-2007-ACT-037 - \u00ab Vuln\u00e9rabilit\u00e9    sur Quicktime et Firefox \u00bb :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ACT-037.pdf"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERTA-2007-ACT-011 - \u00ab Le Javascript    est omnipr\u00e9sent \u00bb :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ACT-011.pdf"
    }
  ],
  "reference": "CERTA-2007-ALE-014",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2007-09-13T00:00:00.000000"
    },
    {
      "description": "mise \u00e0 jour des syst\u00e8mes affect\u00e9s, de la description, des contournements et ajout de r\u00e9f\u00e9rences ;",
      "revision_date": "2007-09-14T00:00:00.000000"
    },
    {
      "description": "mise \u00e0 jour de la solution et de la documentation ;",
      "revision_date": "2007-09-19T00:00:00.000000"
    },
    {
      "description": "ajout d\u0027une r\u00e9f\u00e9rence CVE et du correctif pour Quicktime.",
      "revision_date": "2007-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 touchant Apple QuickTime permet \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Apple QuickTime",
  "vendor_advisories": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-4965 (GCVE-0-2006-4965)

CERTA-2007-AVI-112

Description

Solution

FKIE_CVE-2006-4965

GHSA-8X7F-X5PJ-6MMH

GSD-2006-4965

CERTA-2007-ALE-014

Description

Contournements provisoires

Solution

Tags

Sightings

Nomenclature