Required CVE Record Information
Description
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers when Java is enabled, allow remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
References 12 Total
- http://www.zerodayinitiative.com/advisories/ZDI-07-023.html
- http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow
- exchange.xforce.ibmcloud.com: quicktime-unspecified-code-execution(33827) vdb-entry
- securitytracker.com: 1017950 vdb-entry
- lists.apple.com: APPLE-SA-2007-05-01 vendor-advisory
- http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/
- http://docs.info.apple.com/article.html?artnum=305446
- securityfocus.com: 20070501 ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability mailing-list
- http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/
- osvdb.org: 34178 vdb-entry
- kb.cert.org: VU#420668 third-party-advisory
- http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/