6.8
CVE-2008-1585
- EPSS 4.12%
- Veröffentlicht 10.06.2008 18:32:00
- Zuletzt bearbeitet 16.06.2026 22:52:01
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.12% | 0.895 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html
http://secunia.com/advisories/31034
http://www.vupen.com/english/advisories/2008/2064/references
http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html
http://secunia.com/advisories/29293
http://support.apple.com/kb/HT1991
http://www.securityfocus.com/bid/29619
http://www.us-cert.gov/cas/techalerts/TA08-162C.html
http://www.vupen.com/english/advisories/2008/1776/references
http://www.kb.cert.org/vuls/id/132419
http://www.securityfocus.com/archive/1/493248/100/0/threaded
http://www.securityfocus.com/bid/29650
http://www.securitytracker.com/id?1020217
http://www.zerodayinitiative.com/advisories/ZDI-08-038/
https://exchange.xforce.ibmcloud.com/vulnerabilities/42948