Vulnerability in Apple Mac OS X
CVE-2007-2388
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions t…
EPSS: 0.060 (92.4th percentile)
Affected products
- Apple Mac OS X — versions 10.0, 10.0.1, 10.0.2
- Apple QuickTime — version 7.1.6
- Microsoft All_windows
Weakness classification (CWE)