PT-2007-3722 · Apple · Quicktime For Java

Published

2007-05-29

Updated

2017-07-29

CVE-2007-2389

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apple QuickTime for Java version 7.1.6

Description The issue is related to QuickTime for Java, which allows a maliciously crafted applet to access web browser memory and disclose sensitive information, resulting in a loss of confidentiality. This is due to the failure of Apple QuickTime for Java to clear potentially sensitive memory before use, enabling remote attackers to read memory from a web browser.

Recommendations For Apple QuickTime for Java version 7.1.6, consider disabling the use of Java applets in web browsers until a patch is available to prevent potential unauthorized information disclosure.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2389

Affected Products

Quicktime For Java

PT-2007-3722 · Apple · Quicktime For Java

CVE-2007-2389

Related Identifiers

Affected Products

References · 9