6.8

CVE-2008-1585

Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleQuicktime Version <= 7.4.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.12% 0.895
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html
http://secunia.com/advisories/31034
http://www.vupen.com/english/advisories/2008/2064/references
http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html
Patch
http://secunia.com/advisories/29293
http://support.apple.com/kb/HT1991
http://www.securityfocus.com/bid/29619
http://www.us-cert.gov/cas/techalerts/TA08-162C.html
US Government Resource
http://www.vupen.com/english/advisories/2008/1776/references
http://www.kb.cert.org/vuls/id/132419
US Government Resource
http://www.securityfocus.com/archive/1/493248/100/0/threaded
http://www.securityfocus.com/bid/29650
http://www.securitytracker.com/id?1020217
http://www.zerodayinitiative.com/advisories/ZDI-08-038/
https://exchange.xforce.ibmcloud.com/vulnerabilities/42948