CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.4%
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the “PWN 2 0WN” contest at CanSecWest 2007.
cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow
docs.info.apple.com/article.html?artnum=305446
lists.apple.com/archives/security-announce/2007/May/msg00001.html
www.kb.cert.org/vuls/id/420668
www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/
www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/
www.osvdb.org/34178
www.securityfocus.com/archive/1/467319/100/0/threaded
www.securitytracker.com/id?1017950
www.theregister.co.uk/2007/04/20/pwn-2-own_winner/
www.zerodayinitiative.com/advisories/ZDI-07-023.html
exchange.xforce.ibmcloud.com/vulnerabilities/33827