Details of VAR-200709-0084

ID

VAR-200709-0084

CVE

CVE-2007-5045

TITLE

Apple QuickTime remote command execution vulnerability

Trust: 0.8

sources: CERT/CC: VU#751808

DESCRIPTION

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670. QuickTime Player is prone to a remote security vulnerability. Apple QuickTime has an Argument Injection vulnerability. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Firefox "-chrome" Parameter Security Issue SECUNIA ADVISORY ID: SA26881 VERIFY ADVISORY: http://secunia.com/advisories/26881/ CRITICAL: Less critical IMPACT: System access WHERE: >From remote SOFTWARE: Mozilla Firefox 2.0.x http://secunia.com/product/12434/ Mozilla Firefox 1.x http://secunia.com/product/4227/ DESCRIPTION: Mozilla has acknowledged a security issue in Firefox, which potentially can be exploited by malicious people to compromise a user's system. The security issue is caused due to the "-chrome" parameter allowing execution of arbitrary Javascript script code in chrome context. This can be exploited to execute arbitrary commands on a user's system e.g. via applications invoking Firefox with unfiltered command line arguments. This is related to: SA22048 SA25984 The security issue affects Firefox prior to version 2.0.0.7. SOLUTION: Update to version 2.0.0.7. NOTE: Support for Firefox 1.5.0.x has ended June 2007. The vendor encourages users to upgrade to Firefox 2. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2007/mfsa2007-28.html OTHER REFERENCES: SA22048: http://secunia.com/advisories/22048/ SA25984: http://secunia.com/advisories/25984/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2007-5045 // CERT/CC: VU#751808 // JVNDB: JVNDB-2007-002675 // BID: 85350 // VULHUB: VHN-28407 // PACKETSTORM: 59433

AFFECTED PRODUCTS

vendor:	apple	model:	quicktime	scope:	lte	version:	7.1.5	Trust: 1.8
vendor:	mozilla	model:	firefox	scope:	lte	version:	2.0.0.6	Trust: 1.0
vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	mozilla	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	mozilla	model:	firefox	scope:	lt	version:	2.0.0.7	Trust: 0.8
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.6	Trust: 0.6
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	apple	model:	quicktime player	scope:	eq	version:	7.1.5	Trust: 0.3

sources: CERT/CC: VU#751808 // BID: 85350 // JVNDB: JVNDB-2007-002675 // CNNVD: CNNVD-200709-336 // NVD: CVE-2007-5045

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5045
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#751808
value:	35.11
Trust: 0.8
NVD:	CVE-2007-5045
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200709-336
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-28407
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-5045
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-28407
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#751808 // VULHUB: VHN-28407 // JVNDB: JVNDB-2007-002675 // CNNVD: CNNVD-200709-336 // NVD: CVE-2007-5045

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.9

sources: VULHUB: VHN-28407 // JVNDB: JVNDB-2007-002675 // NVD: CVE-2007-5045

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200709-336

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-200709-336

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002675

PATCH

title:	Top Page	url:	http://www.apple.com/	Trust: 0.8
title:	Firefox	url:	http://www.mozilla.org/en-US/firefox/new/	Trust: 0.8

sources: JVNDB: JVNDB-2007-002675

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5045	Trust: 2.8
db:	SECUNIA	id:	26881	Trust: 2.6
db:	VUPEN	id:	ADV-2007-3197	Trust: 1.7
db:	CERT/CC	id:	VU#751808	Trust: 0.8
db:	JVNDB	id:	JVNDB-2007-002675	Trust: 0.8
db:	BUGTRAQ	id:	20070912 0DAY: QUICKTIME PWNS FIREFOX	Trust: 0.6
db:	HP	id:	SSRT061181	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:5896	Trust: 0.6
db:	SUNALERT	id:	201516	Trust: 0.6
db:	SUSE	id:	SUSE-SA:2007:057	Trust: 0.6
db:	CNNVD	id:	CNNVD-200709-336	Trust: 0.6
db:	BID	id:	85350	Trust: 0.4
db:	VULHUB	id:	VHN-28407	Trust: 0.1
db:	PACKETSTORM	id:	59433	Trust: 0.1

sources: CERT/CC: VU#751808 // VULHUB: VHN-28407 // BID: 85350 // JVNDB: JVNDB-2007-002675 // PACKETSTORM: 59433 // CNNVD: CNNVD-200709-336 // NVD: CVE-2007-5045

REFERENCES

url:	http://www.mozilla.org/security/announce/2007/mfsa2007-28.html	Trust: 2.9
url:	http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox	Trust: 2.8
url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c00771742	Trust: 2.0
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=395942	Trust: 2.0
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1	Trust: 2.0
url:	http://www.novell.com/linux/security/advisories/2007_57_mozilla.html	Trust: 2.0
url:	http://secunia.com/advisories/26881	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/479179/100/0/threaded	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5896	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/3197	Trust: 1.1
url:	http://secunia.com/advisories/26881/	Trust: 0.9
url:	http://www.securityfocus.com/archive/1/archive/1/479179/100/0/threaded	Trust: 0.9
url:	http://docs.info.apple.com/article.html?artnum=306560	Trust: 0.8
url:	http://blog.mozilla.com/security/2007/09/18/firefox-2.0.0.7-now-available/	Trust: 0.8
url:	http://docs.info.apple.com/article.html?artnum=305149	Trust: 0.8
url:	http://developer.apple.com/quicktime/quicktimeintro/tools/embed2.html	Trust: 0.8
url:	http://noscript.net/features#contentblocking	Trust: 0.8
url:	http://noscript.net	Trust: 0.8
url:	http://msdn2.microsoft.com/en-us/library/ms647732.aspx	Trust: 0.8
url:	http://support.microsoft.com/kb/224816	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5045	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5045	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/3197	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5896	Trust: 0.6
url:	http://secunia.com/product/4227/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/product/12434/	Trust: 0.1
url:	http://secunia.com/advisories/22048/	Trust: 0.1
url:	http://secunia.com/advisories/25984/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1

sources: CERT/CC: VU#751808 // VULHUB: VHN-28407 // BID: 85350 // JVNDB: JVNDB-2007-002675 // PACKETSTORM: 59433 // CNNVD: CNNVD-200709-336 // NVD: CVE-2007-5045

CREDITS

Unknown

Trust: 0.3

sources: BID: 85350

SOURCES

db:	CERT/CC	id:	VU#751808
db:	VULHUB	id:	VHN-28407
db:	BID	id:	85350
db:	JVNDB	id:	JVNDB-2007-002675
db:	PACKETSTORM	id:	59433
db:	CNNVD	id:	CNNVD-200709-336
db:	NVD	id:	CVE-2007-5045

LAST UPDATE DATE

2024-11-23T20:40:43.834000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#751808	date:	2007-10-04T00:00:00
db:	VULHUB	id:	VHN-28407	date:	2018-10-15T00:00:00
db:	BID	id:	85350	date:	2007-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2007-002675	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200709-336	date:	2009-03-04T00:00:00
db:	NVD	id:	CVE-2007-5045	date:	2024-11-21T00:37:00.810

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#751808	date:	2007-09-13T00:00:00
db:	VULHUB	id:	VHN-28407	date:	2007-09-24T00:00:00
db:	BID	id:	85350	date:	2007-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2007-002675	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	59433	date:	2007-09-20T08:11:10
db:	CNNVD	id:	CNNVD-200709-336	date:	2007-09-23T00:00:00
db:	NVD	id:	CVE-2007-5045	date:	2007-09-24T00:17:00