CVE-2007-2175 - Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is

CVE-2007-2175

Summary

Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.

References

Vulnerable Configurations

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

CVSS

Base:	7.6 (as of 16-10-2018 - 16:42)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:C/I:C/A:C

refmap via4

apple	APPLE-SA-2007-05-01
bugtraq	20070501 ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability
cert-vn	VU#420668
confirm	http://docs.info.apple.com/article.html?artnum=305446
misc	http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/ http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/ http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/ http://www.zerodayinitiative.com/advisories/ZDI-07-023.html
osvdb	34178
sectrack	1017950
xf	quicktime-unspecified-code-execution(33827)

Last major update

16-10-2018 - 16:42

Published

24-04-2007 - 16:19

Last modified

16-10-2018 - 16:42