CVE-2007-2397 - Vulnerability Details - OpenCVE

QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Quicktime

Configuration 1 [-]

OR	cpe:2.3:a:apple:quicktime:-:::::::*
	cpe:2.3:a:apple:quicktime:7.0:::::::*
	cpe:2.3:a:apple:quicktime:7.0.1:::::::*
	cpe:2.3:a:apple:quicktime:7.0.2:::::::*
	cpe:2.3:a:apple:quicktime:7.0.3:::::::*
	cpe:2.3:a:apple:quicktime:7.0.4:::::::*
	cpe:2.3:a:apple:quicktime:7.1:::::::*
	cpe:2.3:a:apple:quicktime:7.1.1:::::::*
	cpe:2.3:a:apple:quicktime:7.1.2:::::::*
	cpe:2.3:a:apple:quicktime:7.1.3:::::::*
	cpe:2.3:a:apple:quicktime:7.1.4:::::::*
	cpe:2.3:a:apple:quicktime:7.1.5:::::::*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=305947
http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html
http://osvdb.org/36132
http://secunia.com/advisories/26034
http://www.securityfocus.com/bid/24873
http://www.securitytracker.com/id?1018373
http://www.us-cert.gov/cas/techalerts/TA07-193A.html
http://www.vupen.com/english/advisories/2007/2510
https://exchange.xforce.ibmcloud.com/vulnerabilities/35358

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-15T21:00:00

Updated: 2024-08-07T13:33:28.726Z

Reserved: 2007-04-30T00:00:00

Link: CVE-2007-2397

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-07-15T21:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2397

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26034", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26034"}, {"name": "1018373", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018373"}, {"name": "TA07-193A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"name": "ADV-2007-2510", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"name": "36132", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36132"}, {"name": "24873", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24873"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"name": "APPLE-SA-2007-07-11", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"name": "quicktime-applet-code-execution(35358)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35358"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2397", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26034", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26034"}, {"name": "1018373", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018373"}, {"name": "TA07-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"name": "ADV-2007-2510", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"name": "36132", "refsource": "OSVDB", "url": "http://osvdb.org/36132"}, {"name": "24873", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24873"}, {"name": "http://docs.info.apple.com/article.html?artnum=305947", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"name": "APPLE-SA-2007-07-11", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"name": "quicktime-applet-code-execution(35358)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35358"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:28.726Z"}, "title": "CVE Program Container", "references": [{"name": "26034", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26034"}, {"name": "1018373", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018373"}, {"name": "TA07-193A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"name": "ADV-2007-2510", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"name": "36132", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36132"}, {"name": "24873", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24873"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"name": "APPLE-SA-2007-07-11", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"name": "quicktime-applet-code-execution(35358)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35358"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2397", "datePublished": "2007-07-15T21:00:00", "dateReserved": "2007-04-30T00:00:00", "dateUpdated": "2024-08-07T13:33:28.726Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*", "matchCriteriaId": "1EE08FAE-0862-4C36-95BC-878B04CBF397", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B535737C-BF32-471C-B26A-588632FCC427", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DF2C61F8-B376-40F9-8677-CADCC3295915", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "6254BB56-5A25-49DC-A851-3CCA249BD71D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "795E3354-7824-4EF4-A788-3CFEB75734E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9419A1E9-A0DA-4846-8959-BE50B53736E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "952A8015-B18B-481C-AC17-60F0D7EEE085", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "3E518B27-A79B-43A4-AFA6-E59EF8E944D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AEC6EF36-93B3-49BB-9A6F-1990E3F4170E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets."}, {"lang": "es", "value": "QuickTime para Java en Apple Quicktime versiones anteriores a 7.2 no comprueba los permisos apropiadamente, lo cual permite a atacantes remotos deshabilitar controles de seguridad y ejecutar c\u00f3digo de su elecci\u00f3n mediante applets Java manipulados."}], "id": "CVE-2007-2397", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-07-15T21:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36132"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26034"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24873"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018373"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35358"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://docs.info.apple.com/article.html?artnum=305947"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018373"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2510"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35358"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}