Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-29T21:00:00

Updated: 2024-08-07T13:33:28.638Z

Reserved: 2007-04-30T00:00:00

Link: CVE-2007-2388

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2007-05-29T21:30:00.000

Modified: 2011-05-18T04:00:00.000

Link: CVE-2007-2388

cve-icon Redhat

No data.