VYPR

QuickTime for Java

by Apple Inc.

CVEs (6)

  • CVE-2007-3751Nov 7, 2007
    risk 0.02cvss epss 0.26

    Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.

  • CVE-2007-2397Jul 15, 2007
    risk 0.01cvss epss 0.07

    QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.

  • CVE-2007-2393Jul 15, 2007
    risk 0.01cvss epss 0.07

    The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.

  • CVE-2007-2402Jul 15, 2007
    risk 0.00cvss epss 0.03

    QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.

  • CVE-2007-2389May 29, 2007
    risk 0.00cvss epss 0.03

    Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.

  • CVE-2006-5681Dec 20, 2006
    risk 0.00cvss epss 0.02

    QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.