Apple : Security Vulnerabilities, CVEs, Published In 2007 (Code Execution) CVSS score >= 9
Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166.
Max CVSS
10.0
EPSS Score
4.53%
Published
2007-12-04
Updated
2017-08-08
CVE-2007-6166
Public exploit
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
Max CVSS
9.3
EPSS Score
97.02%
Published
2007-11-29
Updated
2018-10-30
CVE-2007-6165
Public exploit
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
Max CVSS
9.3
EPSS Score
13.93%
Published
2007-11-29
Updated
2011-10-06
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.
Max CVSS
9.3
EPSS Score
5.69%
Published
2007-12-19
Updated
2017-07-29
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.
Max CVSS
9.3
EPSS Score
0.45%
Published
2007-12-19
Updated
2017-07-29
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
Max CVSS
9.3
EPSS Score
4.60%
Published
2007-12-19
Updated
2017-07-29
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
Max CVSS
9.3
EPSS Score
3.86%
Published
2007-12-19
Updated
2017-07-29
Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.
Max CVSS
9.3
EPSS Score
2.33%
Published
2007-12-15
Updated
2017-07-29
Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.
Max CVSS
9.0
EPSS Score
1.28%
Published
2007-11-15
Updated
2017-07-29
Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.
Max CVSS
10.0
EPSS Score
4.65%
Published
2007-11-15
Updated
2017-07-29
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.
Max CVSS
9.3
EPSS Score
82.83%
Published
2007-11-07
Updated
2018-10-26
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
Max CVSS
9.3
EPSS Score
95.29%
Published
2007-11-07
Updated
2018-10-26
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.
Max CVSS
9.3
EPSS Score
60.20%
Published
2007-11-07
Updated
2018-10-26
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.
Max CVSS
9.3
EPSS Score
77.29%
Published
2007-07-23
Updated
2017-07-29
Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386.
Max CVSS
10.0
EPSS Score
2.24%
Published
2007-07-17
Updated
2008-09-05
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
Max CVSS
9.8
EPSS Score
68.66%
Published
2007-07-16
Updated
2024-01-12
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
Max CVSS
9.3
EPSS Score
1.81%
Published
2007-09-06
Updated
2018-10-15
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
Max CVSS
9.3
EPSS Score
57.16%
Published
2007-11-07
Updated
2018-10-26
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.
Max CVSS
9.3
EPSS Score
15.69%
Published
2007-11-07
Updated
2017-07-29
Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark.
Max CVSS
9.3
EPSS Score
3.57%
Published
2007-06-25
Updated
2017-07-29
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
Max CVSS
9.3
EPSS Score
12.53%
Published
2007-06-25
Updated
2022-08-09
QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.
Max CVSS
9.3
EPSS Score
73.94%
Published
2007-07-15
Updated
2018-10-30
The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets.
Max CVSS
9.3
EPSS Score
5.95%
Published
2007-07-15
Updated
2018-10-30
Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."
Max CVSS
9.3
EPSS Score
6.40%
Published
2007-11-07
Updated
2017-07-29
Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.
Max CVSS
9.3
EPSS Score
72.12%
Published
2007-07-15
Updated
2018-10-30