Vulnerability Description
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | <= 1.0 |
| Apple | Mac Os X | 10.3.9 |
| Apple | Mac Os X Server | 10.3.9 |
References
- http://docs.info.apple.com/article.html?artnum=305759
- http://docs.info.apple.com/article.html?artnum=306173
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
- http://osvdb.org/36130
- http://osvdb.org/36450
- http://secunia.com/advisories/25786PatchVendor Advisory
- http://secunia.com/advisories/26287Vendor Advisory
- http://www.kb.cert.org/vuls/id/389868US Government Resource
- http://www.securityfocus.com/bid/24597
- http://www.securitytracker.com/id?1018281Patch
- http://www.vupen.com/english/advisories/2007/2296Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2316Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2731Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35019
- http://docs.info.apple.com/article.html?artnum=305759
FAQ
What is CVE-2007-2399?
CVE-2007-2399 is a vulnerability with a CVSS score of 9.3 (HIGH). WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets tha...
How severe is CVE-2007-2399?
CVE-2007-2399 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2399?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Apple Mac Os X Server.