CVE-2007-5045: Code Injection in Apple QuickTime

CWE-94: Code Injection | 4 documents | 4 sources

Severity: 9.3 CRITICAL (NVD); 5.0 (CNA)
EPSS: 2.0% (top 16.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 24; Latest update May 1

Description

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

NVD: apple/quicktime 7.1.5
NVD: mozilla/firefox 2.0.0.6

Patches

Vulnerability Details (2)

GHSA: GHSA-6x5g-m8wv-w9v6: Argument injection vulnerability in Apple QuickTime 7 (2022-05-01)
CVEList: CVE-2007-5045: Argument injection vulnerability in Apple QuickTime 7 (2007-09-24)

Vendor Advisories (1)

Red Hat: CVE-2007-5045: Argument injection vulnerability in Apple QuickTime 7
CVE-2007-5045 — Code Injection in Apple Quicktime | cvebase