CVE-2007-0059

Name of the Vulnerable Software and Affected Versions Apple Quicktime versions 3 to 7.1.3

Description A cross-zone scripting issue allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI. This is executed in a local zone during preview.

Recommendations For Apple Quicktime versions 3 to 7.1.3, consider disabling the automatic execution of local URIs in HREF Tracks as a temporary workaround until a patch is available. Restrict access to QuickTime movies with potentially malicious HREF Tracks to minimize the risk of exploitation.