Vulnerability Details CVE-2007-2393
The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.158
EPSS Ranking 94.7%
CVSS Severity
CVSS v2 Score 9.3
References
- http://docs.info.apple.com/article.html?artnum=305947
- http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html
- http://osvdb.org/36135
- http://secunia.com/advisories/26034
- http://www.securityfocus.com/bid/24873
- http://www.securitytracker.com/id?1018373
- http://www.us-cert.gov/cas/techalerts/TA07-193A.html
- http://www.vupen.com/english/advisories/2007/2510
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35359
- http://docs.info.apple.com/article.html?artnum=305947
- http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html
- http://osvdb.org/36135
- http://secunia.com/advisories/26034
- http://www.securityfocus.com/bid/24873
- http://www.securitytracker.com/id?1018373
- http://www.us-cert.gov/cas/techalerts/TA07-193A.html
- http://www.vupen.com/english/advisories/2007/2510
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35359
Products affected by CVE-2007-2393
-
cpe:2.3:a:apple:quicktime:-
-
cpe:2.3:a:apple:quicktime:7.0
-
cpe:2.3:a:apple:quicktime:7.0.1
-
cpe:2.3:a:apple:quicktime:7.0.2
-
cpe:2.3:a:apple:quicktime:7.0.3
-
cpe:2.3:a:apple:quicktime:7.0.4
-
cpe:2.3:a:apple:quicktime:7.1
-
cpe:2.3:a:apple:quicktime:7.1.1
-
cpe:2.3:a:apple:quicktime:7.1.2
-
cpe:2.3:a:apple:quicktime:7.1.3
-
cpe:2.3:a:apple:quicktime:7.1.4
-
cpe:2.3:a:apple:quicktime:7.1.5