Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1579

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-1579
Last Modified 07 Mar 2011 09:22:13
Published 12 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1579

Summary

Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.

Vulnerable Systems

Application

  • Apple Quicktime 7.0


References

BID - 13603

SECUNIA - 15307

VUPEN - ADV-2005-0531

OSVDB - 16376

SECTRACK - 1013961

MISC - http://remahl.se/david/vuln/018

APPLE - APPLE-SA-2005-05-31

MLIST - [quartzcomposer-dev] 20050511 Re: Quartz Quicktime embedded in remote webpages...

MLIST - [quartzcomposer-dev] 20050510 Quartz Quicktime embedded in remote webpages...

FULLDISC - 20050511 [DR018] Quartz Composer / QuickTime 7 information leakage

CONFIRM - http://docs.info.apple.com/article.html?artnum=301714


Last Updated: 27 May 2016 10:40:13