Lucene search

[email protected]CVE-2007-2397

HistoryJul 15, 2007 - 9:30 p.m.

CVE-2007-2397

2007-07-1521:30:00

[email protected]

web.nvd.nist.gov

cve-2007-2397

quicktime

java

security controls

remote code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.682 Medium

EPSS

Percentile

98.0%

JSON

QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.

Affected configurations

NVD

Node

applequicktimeMatch-

applequicktimeMatch7.0

applequicktimeMatch7.0.1

applequicktimeMatch7.0.2

applequicktimeMatch7.0.3

applequicktimeMatch7.0.4

applequicktimeMatch7.1

applequicktimeMatch7.1.1

applequicktimeMatch7.1.2

applequicktimeMatch7.1.3

applequicktimeMatch7.1.4

applequicktimeMatch7.1.5

CPENameOperatorVersion
apple:quicktimeapple quicktimeeq-
apple:quicktimeapple quicktimeeq7.0
apple:quicktimeapple quicktimeeq7.0.1
apple:quicktimeapple quicktimeeq7.0.2
apple:quicktimeapple quicktimeeq7.0.3
apple:quicktimeapple quicktimeeq7.0.4
apple:quicktimeapple quicktimeeq7.1
apple:quicktimeapple quicktimeeq7.1.1
apple:quicktimeapple quicktimeeq7.1.2
apple:quicktimeapple quicktimeeq7.1.3

CPE	Name	Operator	Version
apple:quicktime	apple quicktime	eq	-
apple:quicktime	apple quicktime	eq	7.0
apple:quicktime	apple quicktime	eq	7.0.1
apple:quicktime	apple quicktime	eq	7.0.2
apple:quicktime	apple quicktime	eq	7.0.3
apple:quicktime	apple quicktime	eq	7.0.4
apple:quicktime	apple quicktime	eq	7.1
apple:quicktime	apple quicktime	eq	7.1.1
apple:quicktime	apple quicktime	eq	7.1.2
apple:quicktime	apple quicktime	eq	7.1.3

Rows per page:

1-10 of 121

References

docs.info.apple.com/article.html?artnum=305947

lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html

osvdb.org/36132

secunia.com/advisories/26034

www.securityfocus.com/bid/24873

www.securitytracker.com/id?1018373

www.us-cert.gov/cas/techalerts/TA07-193A.html

www.vupen.com/english/advisories/2007/2510

exchange.xforce.ibmcloud.com/vulnerabilities/35358

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.682 Medium

EPSS

Percentile

98.0%

JSON

Related for CVE-2007-2397

nvd1 prion1 cvelist1 nessus2 seebug1