CVE-2007-2399 - WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type

CVE-2007-2399

Summary

WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.

References

Vulnerable Configurations

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 09-08-2022 - 13:46)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

apple	APPLE-SA-2007-06-22
bid	24597
cert-vn	VU#389868
confirm	http://docs.info.apple.com/article.html?artnum=305759 http://docs.info.apple.com/article.html?artnum=306173
osvdb	36130 36450
sectrack	1018281
secunia	25786 26287
vupen	ADV-2007-2296 ADV-2007-2316 ADV-2007-2731
xf	macos-framesets-code-execution(35019)

Last major update

09-08-2022 - 13:46

Published

25-06-2007 - 19:30

Last modified

09-08-2022 - 13:46