Rapid7 Vulnerability & Exploit Database

QuickTime: improper handling of external URLs in movies allows sensitive information disclosure (CVE-2008-1014)

Back to Search

QuickTime: improper handling of external URLs in movies allows sensitive information disclosure (CVE-2008-1014)

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
04/04/2008
Created
07/25/2018
Added
10/25/2010
Modified
02/13/2015

Description

Specially crafted QuickTime movies can automatically open external URLs, which may lead to information disclosure. This update addresses the issue through improved handling of external URLs embedded in movie files. Credit to Jorge Escala of Open Tech Solutions, and Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs for reporting this issue.

Solution(s)

  • quicktime-upgrade-7_4_5

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;