Vulnerability Details CVE-2005-1579
Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0265.html
- http://docs.info.apple.com/article.html?artnum=301714
- http://lists.apple.com/archives/quartzcomposer-dev/2005/May/msg00250.html
- http://lists.apple.com/archives/quartzcomposer-dev/2005/May/msg00263.html
- http://lists.apple.com/archives/security-announce/2005/May/msg00006.html
- http://remahl.se/david/vuln/018
- http://secunia.com/advisories/15307
- http://securitytracker.com/id?1013961
- http://www.osvdb.org/16376
- http://www.securityfocus.com/bid/13603
- http://www.vupen.com/english/advisories/2005/0531
- http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0265.html
- http://docs.info.apple.com/article.html?artnum=301714
- http://lists.apple.com/archives/quartzcomposer-dev/2005/May/msg00250.html
- http://lists.apple.com/archives/quartzcomposer-dev/2005/May/msg00263.html
- http://lists.apple.com/archives/security-announce/2005/May/msg00006.html
- http://remahl.se/david/vuln/018
- http://secunia.com/advisories/15307
- http://securitytracker.com/id?1013961
- http://www.osvdb.org/16376
- http://www.securityfocus.com/bid/13603
- http://www.vupen.com/english/advisories/2005/0531