9.3

CVE-2007-2399

WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApplemacOS X Version10.3.9
   AppleiPhone OS Version <= 1.0
ApplemacOS X Version10.4.9
   AppleiPhone OS Version <= 1.0
ApplemacOS X Server Version10.3.9
   AppleiPhone OS Version <= 1.0
ApplemacOS X Server Version10.4.9
   AppleiPhone OS Version <= 1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.29% 0.936
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.vupen.com/english/advisories/2007/2316
Vendor Advisory
http://docs.info.apple.com/article.html?artnum=305759
http://docs.info.apple.com/article.html?artnum=306173
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
http://osvdb.org/36130
http://osvdb.org/36450
http://secunia.com/advisories/25786
Patch
Vendor Advisory
http://secunia.com/advisories/26287
Vendor Advisory
http://www.kb.cert.org/vuls/id/389868
US Government Resource
http://www.securityfocus.com/bid/24597
http://www.securitytracker.com/id?1018281
Patch
http://www.vupen.com/english/advisories/2007/2296
Vendor Advisory
http://www.vupen.com/english/advisories/2007/2731
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35019