Vulnerabilities > CVE-2007-2399 - Unspecified vulnerability in Apple mac OS X and mac OS X Server

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

apple

critical

nessus

NVD

Published: 2007-06-25

Updated: 2022-08-09

Summary

WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple Iphone OS * Apple MAC OS X Server 10.4.9 Apple MAC OS X Server 10.3.9 Apple MAC OS X 10.4.9 Apple MAC OS X 10.3.9	5

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2007-006.NASL
description	The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-006 applied. This update fixes security flaws in WebKit and WebCore which might allow an attacker to execute arbitrary code on the remote host. To execute arbitrary code, an attacker would need to lure a user of the remote host into visiting a malicious website containing a specially malformed html file which would trigger a buffer overflow.
last seen	2020-06-01
modified	2020-06-02
plugin id	25566
published	2007-06-25
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25566
title	Mac OS X Multiple Vulnerabilities (Security Update 2007-006)
code	# # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(25566); script_version ("1.14"); script_cve_id("CVE-2007-2401", "CVE-2007-2399"); script_bugtraq_id(24597, 24598); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2007-006)"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update which fixes a security issue." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-006 applied. This update fixes security flaws in WebKit and WebCore which might allow an attacker to execute arbitrary code on the remote host. To execute arbitrary code, an attacker would need to lure a user of the remote host into visiting a malicious website containing a specially malformed html file which would trigger a buffer overflow." ); script_set_attribute(attribute:"solution", value: "Install the security update 2007-006 : http://www.apple.com/support/downloads/securityupdate2007006universal.html" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=305759" ); script_set_attribute(attribute:"plugin_publication_date", value: "2007/06/25"); script_set_attribute(attribute:"patch_publication_date", value: "2007/06/21"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/21"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_summary(english:"Check for the presence of the SecUpdate 2007-006"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); if ( egrep(pattern:"Darwin.* (7\.[0-9]\.\|8\.[0-9]\.\|8\.10\.)", string:uname) ) { if (!egrep(pattern:"^SecUpd(Srvr)?(2007-00[6-9]\|200[89]-\|20[1-9][0-9]-)", string:packages)) security_hole(0); }

Seebug

bulletinFamily	exploit
description	CVE(CAN) ID: CVE-2007-2399,CVE-2007-2400,CVE-2007-2401,CVE-2007-3742,CVE-2007-3944 iPhone是蒴果公司开发的智能手机。 iPhone的实现上存在多个安全漏洞，可导致恶意操作浏览器或信息泄露。具体漏洞条目如下： * CVE-2007-2400 Safari处理JavsScript的实现上存在漏洞，远程攻击者可能利用此漏洞绕过同源策略非授权操作其他网页。 * CVE-2007-3944 Safari的JavaScript引擎使用的PCRE库实现上存在堆溢出漏洞，远程攻击者可能利用此漏洞通过诱使用户访问恶意网页控制用户系统。 * CVE-2007-2401 WebCore软件包的XMLHttpRequest处理HTTP请求头时存在漏洞，导致跨站脚本执行。 * CVE-2007-3742 WebKit软件包实现上存在漏洞，可能导致浏览器中的域名欺骗。 * CVE-2007-2399 WebKit软件包在生成网页时处理无效的类型转换存在漏洞，远程攻击者可能利用此漏洞导致软件崩溃或执行任意指令。 Apple iPhone 1.0.1 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href="http://docs.info.apple.com/article.html?artnum=306173" target="_blank">http://docs.info.apple.com/article.html?artnum=306173</a>
id	SSV:2063
last seen	2017-11-19
modified	2007-08-02
published	2007-08-02
reporter	Root
title	Apple iPhone多个安全漏洞

Summary

Vulnerable Configurations

Nessus

Seebug

References