Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-5045

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.

Related bugs and status

CVE-2007-5045 (Candidate) is related to these bugs:

Bug #139258: Mozilla Firefox + QuickTime Command Execution

Summary				In	Importance	Status
	139258	Mozilla Firefox + QuickTime Command Execution		firefox (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.gnucitizen....
MISC: https://bugzilla.mozil...
CONFIRM: http://www.mozilla.org...
SECUNIA: 26881
SUSE: SUSE-SA:2007:057
HP: HPSBUX02153
HP: SSRT061181
SUNALERT: 201516
VUPEN: ADV-2007-3197
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070912 0DAY: QuickTi...