Info

Disclosure

May 29, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Quicktime contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by Quicktime for Java, which will allow a maliciously crafted applet to access web browser memory and disclose sensitive information resulting in a loss of confidentiality.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products

Apple Computer, Inc.

QuickTime

7.1.6

References

Security Tracker: 1018136
CVE ID: 2007-2389 (see also: NVD)
Bugtraq ID: 24222
Secunia Advisory ID: 25130
ISS X-Force ID: 34571
Related OSVDB ID: 35576
CERT VU: 434748
VUPEN Advisory: ADV-2007-1974
Mail List Post: http://lists.apple.com/archives/security-announce/2007/May/msg00005.html
Vendor Specific News/Changelog Entry: http://www.apple.com/support/downloads/securityupdatequicktime716formac.html
http://www.apple.com/support/downloads/securityupdatequicktime716forwindows.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/35575