CVSS: 9.3EPSS: 68%CPEs: 12EXPL: 0CVE-2007-2397
https://notcve.org/view.php?id=CVE-2007-2397
QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets. QuickTime para Java en Apple Quicktime versiones anteriores a 7.2 no comprueba los permisos apropiadamente, lo cual permite a atacantes remotos deshabilitar controles de seguridad y ejecutar código de su elección mediante applets Java manipulados. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36132 http://secunia.com/advisories/26034 http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https://exchange.xforce.ibmcloud.com/vulnerabilities/35358 •
CVSS: 9.3EPSS: 5%CPEs: 14EXPL: 0CVE-2007-2392
https://notcve.org/view.php?id=CVE-2007-2392
Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. Apple Quicktime anterior al 7.2 en el Mac OS X 10.3.9 y 10.4.9 permite a atacantes remotos con la intervención del usuario ejecutar código de su elección a través de un fichero de vídeo modificado que dispara una corrupción de memoria. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36136 http://secunia.com/advisories/26034 http://www.kb.cert.org/vuls/id/582681 http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https://exchange.xforce.ibmcloud.com/vulnerabilities/35353 •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2007-2402
https://notcve.org/view.php?id=CVE-2007-2402
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets. QuickTime para Java en Apple Quicktime anterior a 7.2 no realiza suficiente "control de acceso", lo cual permite a atacantes remotos obtener información sensible (contenido de la pantalla) mediante applets Java manipulados. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36131 http://secunia.com/advisories/26034 http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https://exchange.xforce.ibmcloud.com/vulnerabilities/35361 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 6%CPEs: 12EXPL: 0CVE-2007-2396
https://notcve.org/view.php?id=CVE-2007-2396
The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. El soporte JDirect de QuickTime para Java en Apple Quicktime anterior a 7.2 expone determinadas interfaces peligrosas, lo cual permite a atacantes remotos ejecutar código de su elección mediante applets Java manipulados. • http://docs.info.apple.com/article.html?artnum=305947 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36133 http://secunia.com/advisories/26034 http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1018373 http://www.us-cert.gov/cas/techalerts/TA07-193A.html http://www.vupen.com/english/advisories/2007/2510 https://exchange.xforce.ibmcloud.com/vulnerabilities/35360 •
CVSS: 9.3EPSS: 71%CPEs: 14EXPL: 2CVE-2007-2394 – Apple QuickTime < 7.2 - SMIL Remote Integer Overflow
https://notcve.org/view.php?id=CVE-2007-2394
Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. Desbordamiento de entero en Apple Quicktime anterior a 7.2 en Mac OS X 10.3.9 y 10.4.9 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante los campos (1) title y (2) author modificados artesanalmente en un fichero SMIL, relacionado con cálculos indebidos para reserva de memoria. • https://www.exploit-db.com/exploits/4359 https://www.exploit-db.com/exploits/30292 http://docs.info.apple.com/article.html?artnum=305947 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556 http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html http://osvdb.org/36134 http://secunia.com/advisories/26034 http://www.securityfocus.com/archive/1/473882/100/100/threaded http://www.securityfocus.com/bid/24873 http://www.securitytracker.com/id?1 •