Unrated severityNVD Advisory· Published May 29, 2007· Updated Jun 16, 2026
CVE-2007-2388
CVE-2007-2388
Description
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:apple:quicktime:7.1.6:*:java:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:quicktime:7.1.6:*:java:*:*:*:*:*
- (no CPE)range: =7.1.6
Patches
Vulnerability mechanics
References
8- secunia.com/advisories/25130nvdVendor Advisory
- secunia.com/secunia_research/2007-52/advisory/nvdVendor Advisory
- www.vupen.com/english/advisories/2007/1974nvdVendor Advisory
- www.kb.cert.org/vuls/id/995836nvdUS Government Resource
- lists.apple.com/archives/security-announce/2007/May/msg00005.htmlnvd
- www.osvdb.org/35576nvd
- www.securityfocus.com/bid/24221nvd
- www.securitytracker.com/idnvd
News mentions
0No linked articles in our index yet.