CVE-2007-3745 - The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface th

CVE-2007-3745

Summary

The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code.

References

Vulnerable Configurations

cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
cpe:2.3:a:apple:core_audio_technologies:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:core_audio_technologies:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

apple	APPLE-SA-2007-07-31
bid	25159
confirm	http://docs.info.apple.com/article.html?artnum=306172
sectrack	1018492
secunia	26235
vupen	ADV-2007-2732
xf	macos-coreaudio-code-execution(35725)

Last major update

29-07-2017 - 01:32

Published

03-08-2007 - 10:17

Last modified

29-07-2017 - 01:32