Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apple Quicktime For Java远程堆溢出漏洞
Vulnerability Description
Apple QuickTime是一款流行的多媒体播放器,支持多种媒体格式。 QuickTime的实现上存在漏洞,远程攻击者可能利用此漏洞控制用户机器。 QuickTime for Java可能允许在所分配的堆之外实例化或操作对象。漏洞起因是QTObject的子类没有正确设置安全限制,不可信任的Java代码允许将调用QTJava.dll中不安全函数的QuickTime对象归为子类,导致读写任意内存。如果用户受骗访问了包含有特制Java Applet的Web页面的话,就可能触发堆溢出,导致执行任意指令。
CVSS Information
N/A
Vulnerability Type
N/A