Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0059Apple Quicktime vulnerability

13 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
25.8%
top 3.74%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Quicktime
Timeline
PublishedJan 5
Latest updateMay 1

Description

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDapple/quicktime7.1.3+1

🔴Vulnerability Details

2
GHSA
GHSA-5ph8-g6w2-gjxv: Cross-zone scripting vulnerability in Apple Quicktime 3 to 72022-05-01
CVEList
CVE-2007-0059: Cross-zone scripting vulnerability in Apple Quicktime 3 to 72007-01-05

💥Exploits & PoCs

1
Exploit-DB
Apple QuickTime 7.1.3 - 'HREFTrack' Cross-Zone Scripting2007-01-03

💬Community

9
Bugzilla
CVE-2007-6450 wireshark RPL dissector crash2008-01-02
Bugzilla
CVE-2007-6451 wireshark CIP dissector crash2008-01-02
Bugzilla
CVE-2007-6121 wireshark RPC Portmap flaws2007-11-23
Bugzilla
CVE-2007-6117 wireshark HTTP dissector flaws2007-11-23
Bugzilla
CVE-2007-6118 wireshark MEGACO dissector flaws2007-11-23
CVE-2007-0059 — Apple Quicktime vulnerability | cvebase