Back to search
CVE-2008-1585
Published: Jun 10, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.zerodayinitiative.com/advisories/ZDI-08-038/
x_refsource_MISC
quicktime-quicktime-content-code-execution(42948)
vdb-entry
x_refsource_XF
29650
vdb-entry
x_refsource_BID
ADV-2008-2064
vdb-entry
x_refsource_VUPEN
TA08-162C
third-party-advisory
x_refsource_CERT
31034
third-party-advisory
x_refsource_SECUNIA
20080610 ZDI-08-038: QuickTime SMIL qtnext Redirect File Execution
mailing-list
x_refsource_BUGTRAQ
1020217
vdb-entry
x_refsource_SECTRACK
APPLE-SA-2008-07-10
vendor-advisory
x_refsource_APPLE
APPLE-SA-2008-06-09
vendor-advisory
x_refsource_APPLE
29293
third-party-advisory
x_refsource_SECUNIA
ADV-2008-1776
vdb-entry
x_refsource_VUPEN
VU#132419
third-party-advisory
x_refsource_CERT-VN
29619
vdb-entry
x_refsource_BID
http://support.apple.com/kb/HT1991
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now