7.6

CVE-2007-2175

EPSS 84.87%
Published 24.04.2007 16:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.

Affected products Warnungen 0 Metrics 2 CWE 0 References 15

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ Safari

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	84.87%	0.992

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow

http://docs.info.apple.com/article.html?artnum=305446

http://lists.apple.com/archives/security-announce/2007/May/msg00001.html

http://www.kb.cert.org/vuls/id/420668

US Government Resource

http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/

http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/

http://www.osvdb.org/34178

http://www.securityfocus.com/archive/1/467319/100/0/threaded

http://www.securitytracker.com/id?1017950

http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/

http://www.zerodayinitiative.com/advisories/ZDI-07-023.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/33827

https://nvd.nist.gov/vuln/detail/CVE-2007-2175

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2175

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2175

EUVD