CVE-2007-2388 in QuickTimeinfo

Summary

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

04/30/2007

Disclosure

05/29/2007

Moderation

VulDB entry created

Entries

VDB-36990 (1)

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

10.0

EPSS

0.05276

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-2388
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2388
CVE Details	https://www.cvedetails.com/cve/CVE-2007-2388/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!