First published: Tue Jun 10 2008(Updated: )
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Quicktime | <=7.4.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.