CVE-2007-2393
First published: Sun Jul 15 2007(Updated: )
The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple QuickTime | =7.0.3 | |
| Apple QuickTime | =7.1.5 | |
| Apple QuickTime | =7.0.1 | |
| Apple QuickTime | =7.0 | |
| Apple QuickTime | =7.0.2 | |
| Apple QuickTime | =7.0.4 | |
| Apple QuickTime | =7.1.2 | |
| Apple QuickTime | =7.1 | |
| Apple QuickTime | =7.1.1 | |
| Apple QuickTime | =7.1.4 | |
| Apple QuickTime | =7.1.3 | |
| Apple QuickTime |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://docs.info.apple.com/article.html?artnum=305947
- http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html
- http://www.securityfocus.com/bid/24873
- http://secunia.com/advisories/26034
- http://www.us-cert.gov/cas/techalerts/TA07-193A.html
- http://www.securitytracker.com/id?1018373
- http://osvdb.org/36135
- http://www.vupen.com/english/advisories/2007/2510
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35359
Frequently Asked Questions
What is the severity of CVE-2007-2393?
CVE-2007-2393 is considered a high severity vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2007-2393?
To fix CVE-2007-2393, update Apple QuickTime to version 7.2 or later.
What types of attacks are possible due to CVE-2007-2393?
CVE-2007-2393 allows remote attackers to bypass security controls and write to process memory, potentially leading to arbitrary code execution.
Which versions of QuickTime are affected by CVE-2007-2393?
CVE-2007-2393 affects several versions of Apple QuickTime prior to 7.2, including versions 7.0.1 to 7.1.5.
Can CVE-2007-2393 be exploited through Java applets?
Yes, CVE-2007-2393 can be exploited through Java applets, allowing attackers to execute arbitrary code.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple quicktime
- version/apple quicktime/7.0.3
- version/apple quicktime/7.1.5
- version/apple quicktime/7.0.1
- version/apple quicktime/7.0
- version/apple quicktime/7.0.2
- version/apple quicktime/7.0.4
- version/apple quicktime/7.1.2
- version/apple quicktime/7.1
- version/apple quicktime/7.1.1
- version/apple quicktime/7.1.4
- version/apple quicktime/7.1.3