Apple QuickTime prior to 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote malicious users to execute arbitrary programs, as originally demonstrated by crafted file: URLs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple quicktime |