Vulnerability Details CVE-2007-2399
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.073
EPSS Ranking 93.6%
CVSS Severity
CVSS v2 Score 9.3
References
- http://docs.info.apple.com/article.html?artnum=305759
- http://docs.info.apple.com/article.html?artnum=306173
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
- http://osvdb.org/36130
- http://osvdb.org/36450
- http://secunia.com/advisories/25786
- http://secunia.com/advisories/26287
- http://www.kb.cert.org/vuls/id/389868
- http://www.securityfocus.com/bid/24597
- http://www.securitytracker.com/id?1018281
- http://www.vupen.com/english/advisories/2007/2296
- http://www.vupen.com/english/advisories/2007/2316
- http://www.vupen.com/english/advisories/2007/2731
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35019
- http://docs.info.apple.com/article.html?artnum=305759
- http://docs.info.apple.com/article.html?artnum=306173
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
- http://osvdb.org/36130
- http://osvdb.org/36450
- http://secunia.com/advisories/25786
- http://secunia.com/advisories/26287
- http://www.kb.cert.org/vuls/id/389868
- http://www.securityfocus.com/bid/24597
- http://www.securitytracker.com/id?1018281
- http://www.vupen.com/english/advisories/2007/2296
- http://www.vupen.com/english/advisories/2007/2316
- http://www.vupen.com/english/advisories/2007/2731
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35019
Products affected by CVE-2007-2399
-
cpe:2.3:o:apple:iphone_os:-
-
cpe:2.3:o:apple:mac_os_x:10.3.9
-
cpe:2.3:o:apple:mac_os_x:10.4.9
-
cpe:2.3:o:apple:mac_os_x_server:10.3.9
-
cpe:2.3:o:apple:mac_os_x_server:10.4.9