Описание
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.
Ссылки
- Patch
- US Government Resource
- US Government Resource
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 7.4.5 (включая)
cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.09415
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
почти 4 года назад
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.
EPSS
Процентиль: 93%
0.09415
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-20