ID

VAR-200710-0520

CVE

CVE-2007-4673

TITLE

Apple QuickTime remote command execution vulnerability

DESCRIPTION

Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system. Apple QuickTime Is Windows And Apple OS X Is a media player that supports. Also, Internet Explorer And Safari , Netscape A compatible browser plug-in is also provided. Web The page creator Web In the page QuickTime Movie When incorporating QuickTime link (.qtl) You can specify parameters for starting an application using a file. One of the parameters that can be specified qtnext Is used to specify the location of multimedia files to import and play. this qtnext A vulnerability exists that allows arbitrary commands to be executed using parameters. QuickTime for Windows is prone to a remote code-execution vulnerability because the application fails to handle URIs securely . Successfully exploiting this issue allows remote attackers to execute arbitrary applications with controlled command-line arguments. This facilitates the remote compromise of affected computers. QuickTime 7.2 running on Microsoft Windows Vista or XP SP2 is vulnerable. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. The security issue is caused due to the "-chrome" parameter allowing execution of arbitrary Javascript script code in chrome context. via applications invoking Firefox with unfiltered command line arguments. This is related to: SA22048 SA25984 The security issue affects Firefox prior to version 2.0.0.7. SOLUTION: Update to version 2.0.0.7. NOTE: Support for Firefox 1.5.0.x has ended June 2007. The vendor encourages users to upgrade to Firefox 2. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. The vulnerability is caused due to an input validation error within the handling of system default URIs with registered URI handlers (e.g. "mailto", "news", "nntp", "snews", "telnet"). using Firefox visits a malicious website with a specially crafted "mailto" URI containing a "%" character and ends in a certain extension (e.g. ".bat", ".cmd") Examples: mailto:test%../../../../windows/system32/calc.exe".cmd nntp:../../../../../Windows/system32/telnet.exe" "secunia.com 80%.bat Successful exploitation requires that Internet Explorer 7 is installed on the system. Other versions and browsers may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links. PROVIDED AND/OR DISCOVERED BY: Vulnerability discovered by: * Billy (BK) Rios Firefox not escaping quotes originally discussed by: * Jesper Johansson Additional research by Secunia Research. ORIGINAL ADVISORY: Billy (BK) Rios: http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/ OTHER REFERENCES: US-CERT VU#783400: http://www.kb.cert.org/vuls/id/783400 Jesper Johansson blog: http://msinfluentials.com/blogs/jesper/archive/2007/07/20/hey-mozilla-quotes-are-not-legal-in-a-url.aspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-297B Adobe Updates for Microsoft Windows URI Vulnerability Original release date: October 24, 2007 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows XP and Windows Server 2003 systems with Internet Explorer 7 and any of the following Adobe products: * Adobe Reader 8.1 and earlier * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier * Adobe Reader 7.0.9 and earlier * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier Overview Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The update addresses a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7. I. Description Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server 2003 changes the way Windows handles Uniform Resource Identifiers (URIs). This change has introduced a flaw that can cause Windows to incorrectly determine the appropriate handler for the protocol specified in a URI. More information about this vulnerability is available in US-CERT Vulnerability Note VU#403150. Public reports indicate that this vulnerability is being actively exploited with malicious PDF files. Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability. II. III. Solution Apply an update Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. Disable the mailto: URI in Adobe Reader and Adobe Acrobat If you are unable to install an updated version of the software, this vulnerability can be mitigated by disabling the mailto: URI handler in Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin APSB07-18 for details. Appendix A. Vendor Information Adobe For information about updating affected Adobe products, see Adobe Security Bulletin APSB07-18. Appendix B. References * Adobe Security Bulletin APSB07-18 - <http://www.adobe.com/support/security/bulletins/apsb07-18.htm> * Microsoft Security Advisory (943521) - <http://www.microsoft.com/technet/security/advisory/943521.mspx> * US-CERT Vulnerability Note VU#403150 - <http://www.kb.cert.org/vuls/id/403150> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-297B.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-297B Feedback VU#403150" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History October 24, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H 3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ lKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s VNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57 4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI LazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ== =PgB9 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Internet web sites are normally not allowed to link to local resources. It is, however, possible by a malicious web site to open local content in the browser via the "qtnext" attribute of the "embed" tag in a Quicktime Media Link file opened by the QuickTime Plug-In. NOTE: This does not pose any direct security impact by itself, but may be exploited in combination with other vulnerabilities

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

operating system commend injection

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

The vendor disclosed this issue.

SOURCES

LAST UPDATE DATE

2024-08-14T12:54:21.290000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE