Unrated severityNVD Advisory· Published Jan 5, 2007· Updated Jun 16, 2026
CVE-2007-0059
CVE-2007-0059
Description
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*range: <=7.1.3
- cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*
- (no CPE)range: <=7.1.3
Patches
Vulnerability mechanics
References
6- projects.info-pull.com/moab/MOAB-03-01-2007.htmlnvdExploit
- www.gnucitizen.org/blog/backdooring-quicktime-movies/nvdVendor Advisory
- www.kb.cert.org/vuls/id/304064nvdUS Government Resource
- docs.info.apple.com/article.htmlnvd
- lists.apple.com/archives/Security-announce/2007/Mar/msg00000.htmlnvd
- osvdb.org/31164nvd
News mentions
0No linked articles in our index yet.