CVE-2007-4673 — OS Command Injection in Apple Quicktime

CWE-78 — OS Command Injection3 documents3 sources

Severity

9.3CRITICALNVD

CNA5.0

EPSS

1.4%

top 19.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Quicktime

Timeline

PublishedOct 4

Latest updateMay 1

Description

Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/quicktime7.2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-v7j6-cjp7-gqh6: Argument injection vulnerability in Apple QuickTime 7↗2022-05-01

▶

CVEList

CVE-2007-4673: Argument injection vulnerability in Apple QuickTime 7↗2007-10-04

▶