Back to search
CVE-2007-5045
Published: Sep 24, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.mozilla.org/security/announce/2007/mfsa2007-28.html
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=395942
x_refsource_MISC
20070912 0DAY: QuickTime pwns Firefox
mailing-list
x_refsource_BUGTRAQ
HPSBUX02153
vendor-advisory
x_refsource_HP
oval:org.mitre.oval:def:5896
vdb-entry
signature
x_refsource_OVAL
ADV-2007-3197
vdb-entry
x_refsource_VUPEN
SUSE-SA:2007:057
vendor-advisory
x_refsource_SUSE
26881
third-party-advisory
x_refsource_SECUNIA
SSRT061181
vendor-advisory
x_refsource_HP
http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox
x_refsource_MISC
201516
vendor-advisory
x_refsource_SUNALERT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now