PT-2007-3721 · Apple · Quicktime For Java

Published

2007-05-29

·

Updated

2011-05-18

·

CVE-2007-2388

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Apple QuickTime for Java version 7.1.6
Description

QuickTime for Java 7.1.6 allows remote attackers to execute arbitrary code via a web page containing a malicious Java applet. A user-defined class in the applet can reach unsafe functions exposed by QuickTime for Java and use them to write to arbitrary memory locations; because applets are not adequately validated before these functions are reachable, the result is a heap overflow (out-of-bounds heap write). Successful exploitation yields arbitrary code execution with the privileges of the user running the browser, i.e. a complete loss of confidentiality, integrity and availability, as the CVSS vector (C:C/I:C/A:C) reflects. The attack requires the victim to open the attacker's page with Java and QuickTime for Java enabled, which is why the access complexity is rated Medium rather than Low.
Recommendations

For Apple QuickTime for Java version 7.1.6, apply the vendor security update that addresses this issue; the fix adds validation of Java applets before they can reach the unsafe functions. Where the update cannot be applied immediately, disable the QTObject subclassing feature as a temporary workaround, and remove the attack vector altogether by disabling Java applets in the browser or removing the QuickTime for Java component so that untrusted web pages cannot load applets into the QuickTime runtime at all. Note that the malicious applet is supplied by the attacker's page, so there is no user-side setting that "avoids" crafted applets short of not loading applets from untrusted sites.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2007-2388

Affected Products

Quicktime For Java