CVE-2007-2402Sensitive Information Exposure in Apple Quicktime

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
1.2%
top 20.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Quicktime
Timeline
PublishedJul 15
Latest updateMay 1

Description

QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapple/quicktime11 versions+10

Patches

Patch: lists.apple.comPatch: secunia.comPatch: lists.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-h24f-49f9-gqhv: QuickTime for Java in Apple Quicktime before 72022-05-01
CVEList
CVE-2007-2402: QuickTime for Java in Apple Quicktime before 72007-07-15
CVE-2007-2402 — Sensitive Information Exposure in Apple | cvebase