漏洞信息详情
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple QuickTime for Java远程权限提升漏洞
- CNNVD编号:CNNVD-200711-114
- 危害等级: 超危
- CVE编号: CVE-2007-3751
- 漏洞类型: 资料不足
- 发布时间: 2007-11-07
- 威胁类型: 远程
- 更新时间: 2007-11-08
- 厂 商: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
- 漏洞来源: Adam Gowdiak zupa@...
漏洞简介
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple QuickTime是一款流行的多媒体播放器,支持多种媒体格式。
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple QuickTime处理畸形Java CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Applet的实现上存在漏洞,可能允许不可信任的Java CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Applet提升权限。
如果用户受骗访问了包含有恶意Java CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Applet的网页的话,攻击者就可以导致泄露敏感信息或以提升的权限执行任意指令。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/quicktime73forleopard.HTML
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/quicktime73forpanther.HTML
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/quicktime73fortiger.HTML
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/quicktime73forwindows.HTML
参考网址
来源: US-CERT
名称: TA07-310A
链接:http://www.us-cert.gov/cas/techalerts/TA07-310A.HTML
来源: US-CERT
名称: VU#319771
链接:http://www.kb.cert.org/vuls/id/319771
来源: VUPEN
名称: ADV-2007-3723
链接:http://www.frsirt.com/english/advisories/2007/3723
来源: SECUNIA
名称: 27523
链接:http://secunia.com/advisories/27523
来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2007-11-05
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/Security-announce/2007/Nov/msg00000.HTML
来源: SECTRACK
名称: 1018894
链接:http://www.securitytracker.com/id?1018894
来源: OSVDB
名称: 38548
链接:http://osvdb.org/38548
来源: docs.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com
链接:http://docs.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/article.HTML?artnum=306896
来源: XF
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-quicktime-javaCMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Applet-code-execution(38271)
链接:http://xforce.iss.net/xforce/xfdb/38271
来源: BID
名称: 26339
链接:http://www.securityfocus.com/bid/26339
受影响实体
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.3.9
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.5
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.4.10
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Quicktime:7.2.1:-:Windows
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Quicktime:7.2.1:-:Mac
补丁
暂无
评论