MOAB-03-01-2007: Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability

A month ago, a vulnerability in QuickTime was exploited to spread a worm in MySpace. The vulnerability was first published by pdp. In his article, pdp describes how HREFTrack attribute in .mov files can be used for malicious scripting. The MySpace worm abused this vulnerability in a cross-site scripting attack vector.

This MoAB issue shows that this vulnerability can also be used in a cross-zone scripting attack which could allow, in combination with other vulnerabilities, to remotely execute arbitrary code on the user's machine, as well as disclosure of the filesystem contents.Thanks to Aviv Raff for contributing this nice issue. Thanks to pdp for working around Quicktime scripting issues too.

For further information:

• Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability
• Exploit: MOAB-03-01-2007.rb and MOAB-03-01-2007.mov