Lucene search

MitreCVE-2007-2399

HistoryJun 25, 2007 - 7:30 p.m.

CVE-2007-2399

2007-06-2519:30:00

mitre

web.nvd.nist.gov

cve-2007-2399

webkit

apple

mac os x

iphone

remote code execution

memory corruption

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.167

Percentile

96.1%

JSON

WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an “invalid type conversion”, which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.

Affected configurations

Nvd

Node

appleiphone_osRange≤1.0

AND

applemac_os_xMatch10.3.9

applemac_os_xMatch10.4.9

applemac_os_x_serverMatch10.3.9

applemac_os_x_serverMatch10.4.9

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applemac_os_x10.3.9cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
applemac_os_x10.4.9cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
applemac_os_x_server10.3.9cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
applemac_os_x_server10.4.9cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	mac_os_x	10.3.9	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
apple	mac_os_x	10.4.9	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*
apple	mac_os_x_server	10.3.9	cpe:2.3:o:apple:mac_os_x_server:10.3.9:::::::*
apple	mac_os_x_server	10.4.9	cpe:2.3:o:apple:mac_os_x_server:10.4.9:::::::*

References

docs.info.apple.com/article.html?artnum=305759

docs.info.apple.com/article.html?artnum=306173

lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html

osvdb.org/36130

osvdb.org/36450

secunia.com/advisories/25786

secunia.com/advisories/26287

www.kb.cert.org/vuls/id/389868

www.securityfocus.com/bid/24597

www.securitytracker.com/id?1018281

www.vupen.com/english/advisories/2007/2296

www.vupen.com/english/advisories/2007/2316

www.vupen.com/english/advisories/2007/2731

exchange.xforce.ibmcloud.com/vulnerabilities/35019

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.167

Percentile

96.1%

JSON

Related for CVE-2007-2399