cve/CVE-2006-4965.md at 7909e50b64548be2689e5ad0bc37714dc0608a96

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.

POC

Reference

http://securityreason.com/securityalert/1631
http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox
http://www.gnucitizen.org/blog/backdooring-mp3-files/
http://www.kb.cert.org/vuls/id/751808

Github

No PoCs found on GitHub currently.

1.1 KiB Raw Blame History

CVE-2006-4965

Description

POC

Reference

Github

1.1 KiB

Raw Blame History