Vulnerability Name:

CVE-2007-2175 (CCN-33827)

Assigned:2007-04-23
Published:2007-04-23
Updated:2018-10-16
Summary:Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MISC
Type: UNKNOWN
http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow

Source: MITRE
Type: CNA
CVE-2007-2175

Source: CCN
Type: Apple QuickTime 7.1.6 update
About the security content of QuickTime 7.1.6

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=305446

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-05-01

Source: CCN
Type: SA25011
Apple QuickTime Java Extension "toQTPointer()" Code Execution

Source: CCN
Type: SECTRACK ID: 1017950
Apple QuickTime Java Bug Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: Apple QuickTime Web site
Apple - QuickTime

Source: CCN
Type: IBM Internet Security Systems Protection Alert, May 1, 2007
Apple QuickTime Code Execution

Source: CCN
Type: US-CERT VU#420668
Apple QuickTime for Java QTPointerRef heap memory corruption vulnerability

Source: CERT-VN
Type: US Government Resource
VU#420668

Source: MISC
Type: UNKNOWN
http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/

Source: CCN
Type: Matasano Chargen Blog, April 23, 2007
BREAKING: MacBook Vuln In Quicktime, Affects Win32 Apple Code

Source: MISC
Type: UNKNOWN
http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/

Source: OSVDB
Type: UNKNOWN
34178

Source: CCN
Type: OSVDB ID: 34178
Apple QuickTime (QTJava.dll) quicktime.util.QTHandleRef toQTPointer Method Arbitrary Code Execution

Source: CCN
Type: OSVDB ID: 38857
Mozilla Firefox Javascript Errors Unspecified Remote Arbitrary Code Execution

Source: BUGTRAQ
Type: UNKNOWN
20070501 ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability

Source: CCN
Type: BID-23608
Apple Quicktime QTJava toQTPointer() Java Handling Arbitrary Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017950

Source: MISC
Type: UNKNOWN
http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-023.html

Source: XF
Type: UNKNOWN
quicktime-toqtpointer-code-execution(33827)

Source: XF
Type: UNKNOWN
quicktime-unspecified-code-execution(33827)

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [04-23-2007]
Apple QTJava toQTPointer() Arbitrary Memory Access

Source: CCN
Type: ZDI-07-023
Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apple:safari:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:apple:quicktime:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:-:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:apple:quicktime:7.1.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    apple safari *
    apple quicktime 7.0.1
    apple quicktime 7.0.3
    apple quicktime 7.1.3
    apple quicktime 7.0
    apple quicktime 7.0.2
    apple quicktime 7.0.4
    apple quicktime -
    apple quicktime 7.1
    apple quicktime 7.1.1
    apple quicktime 7.1.2
    apple quicktime 7.1.4
    apple quicktime 7.1.5