CVE-2007-5045

N/A Unknown

Published: September 24, 2007 Modified: April 23, 2026

Description

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Source: cve@mitre.org

http://secunia.com/advisories/26881

Source: cve@mitre.org

Patch Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

Source: cve@mitre.org

http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox

Source: cve@mitre.org

http://www.mozilla.org/security/announce/2007/mfsa2007-28.html

Source: cve@mitre.org

Patch

http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/479179/100/0/threaded

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3197

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=395942

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5896

Source: cve@mitre.org

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/26881

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2007/mfsa2007-28.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/479179/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3197

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=395942

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5896

Source: af854a3a-2127-422b-91ae-364da2661108

20 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

3.5%

88th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-94

Affected Vendors

apple mozilla

Related CVEs

CVE-2026-40941 N/A

CVE-2026-40084 6.5

CVE-2026-40083 7.2

CVE-2026-40082 5.4

CVE-2026-40080 6.1