Описание
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
Ссылки
- Patch
- PatchVendor Advisory
- US Government Resource
- Patch
- PatchVendor Advisory
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01166
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
EPSS
Процентиль: 78%
0.01166
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200