Apple QuickTime for Windows Remote Code Execution Vulnerability
BID:25913
Info
Apple QuickTime for Windows Remote Code Execution Vulnerability
| Bugtraq ID: | 25913 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-4673 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 03 2007 12:00AM |
| Updated: | Oct 04 2007 05:58AM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Apple QuickTime Player 7.2 Apple Quicktime 7.2 |
| Not Vulnerable: | |
Discussion
Apple QuickTime for Windows Remote Code Execution Vulnerability
QuickTime for Windows is prone to a remote code-execution vulnerability because the application fails to handle URIs securely .
Successfully exploiting this issue allows remote attackers to execute arbitrary applications with controlled command-line arguments. This facilitates the remote compromise of affected computers.
QuickTime 7.2 running on Microsoft Windows Vista or XP SP2 is vulnerable.
QuickTime for Windows is prone to a remote code-execution vulnerability because the application fails to handle URIs securely .
Successfully exploiting this issue allows remote attackers to execute arbitrary applications with controlled command-line arguments. This facilitates the remote compromise of affected computers.
QuickTime 7.2 running on Microsoft Windows Vista or XP SP2 is vulnerable.
Exploit / POC
Apple QuickTime for Windows Remote Code Execution Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Apple QuickTime for Windows Remote Code Execution Vulnerability
Solution:
Apple has released an advisory and fixes to address this issue. Please see the references for more information.
Apple Quicktime 7.2
Apple QuickTime Player 7.2
Solution:
Apple has released an advisory and fixes to address this issue. Please see the references for more information.
Apple Quicktime 7.2
-
Apple Security Update for QuickTime 7.2 for Windows
http://www.apple.com/support/downloads/securityupdateforquicktime72for windows.html
Apple QuickTime Player 7.2
-
Apple Security Update for QuickTime 7.2 for Windows
http://www.apple.com/support/downloads/securityupdateforquicktime72for windows.html
References
Apple QuickTime for Windows Remote Code Execution Vulnerability
References:
References: