Pdp

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.5 **Description** The issue allows remote attackers to execute arbitrary programs by using the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files. This handler sends these URIs to explorer.exe, enabling the execution of malicious programs. **Recommendations** For Apple QuickTime versions prior to 7.5, update to version 7.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Reader version 8.1 **Description** The issue allows remote attackers to execute arbitrary code via a crafted PDF file. It is related to the mailto: option and Internet Explorer 7 on Windows XP. **Recommendations** For Adobe Acrobat and Reader version 8.1, update to a version that fixes this issue to prevent remote code execution.

**Name of the Vulnerable Software and Affected Versions** Linden Lab Second Life (affected versions not specified) **Description** The issue concerns the `login to simulator` method, which sends an MD5 hash in cleartext in the `passwd` field. This allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox version 1.8 **Description** The issue allows remote attackers to obtain sensitive information by querying the browser's session history. This is due to the CheckLoadURI function listing the about: URI as a ChromeProtocol, which can be loaded via JavaScript. **Recommendations** For Mozilla Firefox version 1.8, consider disabling the CheckLoadURI function or restricting JavaScript access to the about: URI as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple Quicktime versions 3 to 7.1.3 **Description** A cross-zone scripting issue allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI. This is executed in a local zone during preview. **Recommendations** For Apple Quicktime versions 3 to 7.1.3, consider disabling the automatic execution of local URIs in HREF Tracks as a temporary workaround until a patch is available. Restrict access to QuickTime movies with potentially malicious HREF Tracks to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime version 7.1.3 **Description** The issue allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a `qtnext` parameter that identifies resources outside of the original domain. This can be used to execute arbitrary local files within browsers like Firefox and possibly Internet Explorer. **Recommendations** For Apple QuickTime version 7.1.3, consider disabling the execution of JavaScript code from QTL files until a patch is available. Restrict access to resources outside of the original domain to minimize the risk of exploitation. Avoid using the `qtnext` parameter in QTL files with embed XML elements until the issue is resolved.