CVE-2007-2388Apple Quicktime vulnerability

CWE-2643 documents3 sources
Severity
9.3CRITICALNVD
EPSS
5.3%
top 9.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Quicktime
Timeline
PublishedMay 29
Latest updateMay 1

Description

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDapple/quicktime7.1.6

🔴Vulnerability Details

2
GHSA
GHSA-wr78-fj5w-cgcv: Apple QuickTime for Java 72022-05-01
CVEList
CVE-2007-2388: Apple QuickTime for Java 72007-05-29
CVE-2007-2388 — Apple Quicktime vulnerability | cvebase