7.6

CVE-2007-2175

EPSS 85.14%
Veröffentlicht 24.04.2007 16:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ Safari

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	85.14%	0.993

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow

http://docs.info.apple.com/article.html?artnum=305446

http://lists.apple.com/archives/security-announce/2007/May/msg00001.html

http://www.kb.cert.org/vuls/id/420668

US Government Resource

http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/

http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/

http://www.osvdb.org/34178

http://www.securityfocus.com/archive/1/467319/100/0/threaded

http://www.securitytracker.com/id?1017950

http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/

http://www.zerodayinitiative.com/advisories/ZDI-07-023.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/33827

https://nvd.nist.gov/vuln/detail/CVE-2007-2175

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2175

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2175

EUVD