[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252588

 
 

909

 
 

196930

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-2175Date: (C)2007-04-24   (M)2023-12-22


Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.6
Exploit Score: 4.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1017950
http://www.securityfocus.com/archive/1/467319/100/0/threaded
OSVDB-34178
APPLE-SA-2007-05-01
VU#420668
http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow
http://docs.info.apple.com/article.html?artnum=305446
http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/
http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/
http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/
http://www.zerodayinitiative.com/advisories/ZDI-07-023.html
quicktime-unspecified-code-execution(33827)

CPE    1
cpe:/a:apple:safari

© SecPod Technologies