N/A

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.

N/A

N/A

Apple Quicktime HREF Track(HREFTrack)跨站脚本攻击漏洞

Apple QuickTime是美国苹果（Apple）公司开发的一款多媒体播放软件。该软件能够处理数字视频、媒体段落等多种资源。 Apple Quicktime 3到7.1.3版本中存在跨站脚本攻击漏洞。远程攻击者可以借助一个带有HREF Track(HREFTrack)的QuickTime电影(.MOV)，来执行任意代码和列出文件系统内容。该HREF Track(HREFTrack)包含一个带有本地URI的自动操作标签。通过利用一个MySpace蠕虫，可以在预览过程中在本地储存区运行它。

N/A

N/A