4.3
CVE-2007-2402
- EPSS 2.84%
- Veröffentlicht 15.07.2007 21:30:00
- Zuletzt bearbeitet 16.06.2026 22:39:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.84% | 0.848 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://docs.info.apple.com/article.html?artnum=305947
http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html
http://secunia.com/advisories/26034
http://www.securitytracker.com/id?1018373
http://www.us-cert.gov/cas/techalerts/TA07-193A.html
http://www.vupen.com/english/advisories/2007/2510
http://www.securityfocus.com/bid/24873
http://osvdb.org/36131
https://exchange.xforce.ibmcloud.com/vulnerabilities/35361