The Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers when Java is enabled, allow remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the “PWN 2 0WN” contest at CanSecWest 2007.
cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow
docs.info.apple.com/article.html?artnum=305446
lists.apple.com/archives/security-announce/2007/May/msg00001.html
www.kb.cert.org/vuls/id/420668
www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/
www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/
www.osvdb.org/34178
www.securityfocus.com/archive/1/467319/100/0/threaded
www.securitytracker.com/id?1017950
www.theregister.co.uk/2007/04/20/pwn-2-own_winner/
www.zerodayinitiative.com/advisories/ZDI-07-023.html
exchange.xforce.ibmcloud.com/vulnerabilities/33827