What is CVE-2007-2175?

CVE-2007-2175 is a vulnerability in N/a. Published 2007-04-24.

Is CVE-2007-2175 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2007-2175

Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which c…

EPSS: 0.853 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

www.zerodayinitiative.com/advisories/ZDI-07-023.html (x_refsource_MISC)
cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow (x_refsource_MISC)
quicktime-unspecified-code-execution(33827) (vdb-entry, x_refsource_XF)
1017950 (vdb-entry, x_refsource_SECTRACK)
APPLE-SA-2007-05-01 (vendor-advisory, x_refsource_APPLE)
www.theregister.co.uk/2007/04/20/pwn-2-own_winner/ (x_refsource_MISC)
docs.info.apple.com/article.html (x_refsource_CONFIRM)
20070501 ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability (mailing-list, x_refsource_BUGTRAQ)
www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challeng… (x_refsource_MISC)
34178 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2007-2175?: CVE-2007-2175 is a vulnerability in N/a. Published 2007-04-24.
Is CVE-2007-2175 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.