PT-2006-5708 · Mozilla+2 · Firefox+2

Pdp · Published 2006-09-24 · Updated 2018-10-17 · CVE-2006-4965

CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apple QuickTime version 7.1.3

Description

The issue allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. This can be used to execute arbitrary local files within browsers like Firefox and possibly Internet Explorer.

Recommendations

For Apple QuickTime version 7.1.3, consider disabling the execution of JavaScript code from QTL files until a patch is available. Restrict access to resources outside of the original domain to minimize the risk of exploitation. Avoid using the qtnext parameter in QTL files with embed XML elements until the issue is resolved.

Exploit · Fix · RCE · Code Injection


Weakness Enumeration

Related Identifiers

CVE-2006-4965

Affected Products

Apple Quicktime
Firefox
Internet Explorer