CVE-2007-3751 — HIGH (9.3) — White Hats Nepal

Q: What is CVE-2007-3751?

CVE-2007-3751 is a vulnerability with a CVSS score of 9.3 (HIGH). Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.

Q: How severe is CVE-2007-3751?

CVE-2007-3751 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-3751?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Quicktime, Apple Mac Os X, Microsoft Windows Vista, Microsoft Windows Xp.

Vulnerability Description

Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Apple	Quicktime	< 7.3
Apple	Mac Os X	10.3.9
Microsoft	Windows Vista	All versions
Microsoft	Windows Xp	All versions

References

http://docs.info.apple.com/article.html?artnum=306896Vendor Advisory
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.htmlPatchVendor Advisory
http://osvdb.org/38548Broken Link
http://secunia.com/advisories/27523PatchVendor Advisory
http://www.kb.cert.org/vuls/id/319771Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/26339Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1018894Third Party AdvisoryVDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-310A.htmlThird Party AdvisoryUS Government Resource
http://www.vupen.com/english/advisories/2007/3723Permissions RequiredThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38271Third Party AdvisoryVDB Entry
http://docs.info.apple.com/article.html?artnum=306896Vendor Advisory
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.htmlPatchVendor Advisory
http://osvdb.org/38548Broken Link
http://secunia.com/advisories/27523PatchVendor Advisory
http://www.kb.cert.org/vuls/id/319771Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2007-3751?

CVE-2007-3751 is a vulnerability with a CVSS score of 9.3 (HIGH). Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.

How severe is CVE-2007-3751?

CVE-2007-3751 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-3751?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Quicktime, Apple Mac Os X, Microsoft Windows Vista, Microsoft Windows Xp.