9.3
CVE-2007-4673
- EPSS 2.41%
- Veröffentlicht 04.10.2007 23:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:33
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.41% | 0.819 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
http://docs.info.apple.com/article.html?artnum=306560
http://lists.apple.com/archives/Security-announce/2007/Oct/msg00000.html
http://osvdb.org/40434
http://www.securityfocus.com/bid/25913
https://exchange.xforce.ibmcloud.com/vulnerabilities/36937