CVE-2007-2399

Опубликовано: 25 июн. 2007

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.

Ссылки

http://docs.info.apple.com/article.html?artnum=305759
http://docs.info.apple.com/article.html?artnum=306173
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
http://osvdb.org/36130
http://osvdb.org/36450
http://secunia.com/advisories/25786
Patch
Vendor Advisory
http://secunia.com/advisories/26287
Vendor Advisory
http://www.kb.cert.org/vuls/id/389868
US Government Resource
http://www.securityfocus.com/bid/24597
http://www.securitytracker.com/id?1018281
Patch
http://www.vupen.com/english/advisories/2007/2296
Vendor Advisory
http://www.vupen.com/english/advisories/2007/2316
Vendor Advisory
http://www.vupen.com/english/advisories/2007/2731
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35019
http://docs.info.apple.com/article.html?artnum=305759
http://docs.info.apple.com/article.html?artnum=306173
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
http://osvdb.org/36130
http://osvdb.org/36450
http://secunia.com/advisories/25786
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 1.0 (включая)

Одно из

cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.15085

Средний

9.3 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-v73v-2jgh-w8c6

github

почти 4 года назад