Apple QuickTime 任意脚本执行漏洞

漏洞信息详情

Apple QuickTime 任意脚本执行漏洞

• CNNVD编号：CNNVD-200609-423
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2006-4965
  
• 漏洞类型：
  
  
  代码注入
  
• 发布时间：
  
  2006-09-24
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-28
  
• 厂        商：
  
  apple
• 漏洞来源：
  pdp of gnucitizen….

Apple QuickTime 7.1.3 Player和Plug-In，可让远程攻击者执行任意JavaScript代码，并可能通过带有嵌入式XML元素和标识原始域外部资源的qtnext参数的QuickTime Media Link (QTL)文件执行其他攻击。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Slackware Linux 12.0

Slackware mozilla-firefox-2.0.0.8-i686-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/

mozilla-firefox-2.0.0.8-i686-1.tgz

Slackware seamonkey-1.1.5-i486-1_slack12.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/

seamonkey-1.1.5-i486-1_slack12.tgz

Slackware Linux -current

Slackware mozilla-firefox-2.0.0.8-i686-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/

mozilla-firefox-2.0.0.8-i686-1.tgz

Slackware seamonkey-1.1.5-i486-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/

seamonkey-1.1.5-i486-1.tgz

Slackware Linux 11.0

Slackware mozilla-firefox-2.0.0.8-i686-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/

mozilla-firefox-2.0.0.8-i686-1.tgz

Slackware seamonkey-1.1.5-i486-1_slack11.0.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/

seamonkey-1.1.5-i486-1_slack11.0.tgz

Slackware Linux 10.2

Slackware mozilla-firefox-2.0.0.8-i686-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/

mozilla-firefox-2.0.0.8-i686-1.tgz

来源: US-CERT

名称: VU#751808

链接:http://www.kb.cert.org/vuls/id/751808

来源: SECTRACK

名称: 1018687

链接:http://www.securitytracker.com/id?1018687

来源: BID

名称: 20138

链接:http://www.securityfocus.com/bid/20138

来源: BUGTRAQ

名称: 20070912 0DAY: QuickTime pwns Firefox

链接:http://www.securityfocus.com/archive/1/archive/1/479179/100/0/threaded

来源: BUGTRAQ

名称: 20061207 New MySpace worm could be on its way

链接:http://www.securityfocus.com/archive/1/archive/1/453756/100/0/threaded

来源: BUGTRAQ

名称: 20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)

链接:http://www.securityfocus.com/archive/1/archive/1/446750/100/0/threaded

来源: MISC

链接:http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up

来源: MISC

链接:http://www.gnucitizen.org/blog/backdooring-mp3-files/

来源: MISC

链接:http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox

来源: VUPEN

名称: ADV-2007-3155

链接:http://www.frsirt.com/english/advisories/2007/3155

来源: SREASON

名称: 1631

链接:http://securityreason.com/securityalert/1631

来源: SECUNIA

名称: 27414

链接:http://secunia.com/advisories/27414

来源: SECUNIA

名称: 22048

链接:http://secunia.com/advisories/22048

来源: APPLE

名称: APPLE-SA-2007-03-05

链接:http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html

来源: docs.info.apple.com

链接:http://docs.info.apple.com/article.html?artnum=305149