Vulnerability Details CVE-2007-2399
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.152
EPSS Ranking 94.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://docs.info.apple.com/article.html?artnum=305759
- http://docs.info.apple.com/article.html?artnum=306173
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
- http://osvdb.org/36130
- http://osvdb.org/36450
- http://secunia.com/advisories/25786
- http://secunia.com/advisories/26287
- http://www.kb.cert.org/vuls/id/389868
- http://www.securityfocus.com/bid/24597
- http://www.securitytracker.com/id?1018281
- http://www.vupen.com/english/advisories/2007/2296
- http://www.vupen.com/english/advisories/2007/2316
- http://www.vupen.com/english/advisories/2007/2731
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35019
- http://docs.info.apple.com/article.html?artnum=305759
- http://docs.info.apple.com/article.html?artnum=306173
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
- http://osvdb.org/36130
- http://osvdb.org/36450
- http://secunia.com/advisories/25786
- http://secunia.com/advisories/26287
- http://www.kb.cert.org/vuls/id/389868
- http://www.securityfocus.com/bid/24597
- http://www.securitytracker.com/id?1018281
- http://www.vupen.com/english/advisories/2007/2296
- http://www.vupen.com/english/advisories/2007/2316
- http://www.vupen.com/english/advisories/2007/2731
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35019
Products affected by CVE-2007-2399
-
cpe:2.3:o:apple:iphone_os:-
-
cpe:2.3:o:apple:mac_os_x:10.3.9
-
cpe:2.3:o:apple:mac_os_x:10.4.9
-
cpe:2.3:o:apple:mac_os_x_server:10.3.9
-
cpe:2.3:o:apple:mac_os_x_server:10.4.9