漏洞起因
边界条件错误
危险等级
中
影响系统
Apple QuickTime Player 7.6.8
Apple QuickTime Player 7.6.7
Apple QuickTime Player 7.6.6 (1671)
Apple QuickTime Player 7.6.6
Apple QuickTime Player 7.6.5
Apple QuickTime Player 7.6.4
Apple QuickTime Player 7.6.2
Apple QuickTime Player 7.6.1
Apple QuickTime Player 7.5.5
Apple QuickTime Player 7.4.5
Apple QuickTime Player 7.4.1
Apple QuickTime Player 7.7
Apple QuickTime Player 7.64.17.73
Apple QuickTime Player 7.6.9
Apple QuickTime Player 7.6
Apple QuickTime Player 7.5
Apple QuickTime Player 7.4
不受影响系统
Apple QuickTime Player 7.7.1
危害
远程攻击者可以利用漏洞进行跨站脚本攻击。
攻击所需条件
攻击者必须构建恶意脚本,诱使用户引用。
漏洞信息
Apple QuickTime是一款流行的多媒体播放器。
QuickTime Player’s “Save for Web”导出存在跨站脚本问题,此功能生成模版HTML文件时引用未加密源的脚本文件,如果用户本地查看模版文件,在特权网络位置的攻击者可向本地域注入恶意脚本。
测试方法
厂商解决方案
Apple QuickTime Player 7.7.1已经修复此漏洞,建议用户下载使用:
http://www.apple.com/quicktime/
漏洞提供者
Aaron Sigel of vtty.com
0 条评论。