CVE-2007-2175 - Unspecified vulnerability in Apple Safari
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Apple QTJava toQTPointer() Arbitrary Memory Access. CVE-2007-2175. Remote exploits for multiple platform |
id | EDB-ID:16295 |
last seen | 2016-02-01 |
modified | 2010-09-20 |
published | 2010-09-20 |
reporter | metasploit |
source | https://www.exploit-db.com/download/16295/ |
title | Apple QTJava toQTPointer Arbitrary Memory Access |

description | Apple Quicktime for Java 7 Memory Access. CVE-2007-2175. Remote exploits for multiple platform |
id | EDB-ID:9943 |
last seen | 2016-02-01 |
modified | 2007-04-23 |
published | 2007-04-23 |
reporter | H D Moore |
source | https://www.exploit-db.com/download/9943/ |
title | Apple Quicktime for Java 7 - Memory Access |

description | Apple Quicktime 7.1.5 QTJava toQTPointer() Java Handling Arbitrary Code Execution Vulnerability. CVE-2007-2175. Remote exploits for multiple platform |
id | EDB-ID:29884 |
last seen | 2016-02-03 |
modified | 2007-04-23 |
published | 2007-04-23 |
reporter | Shane Macaulay |
source | https://www.exploit-db.com/download/29884/ |
title | Apple Quicktime <= 7.1.5 QTJava toQTPointer Java Handling Arbitrary Code Execution Vulnerability |
Metasploit
description | This module exploits an arbitrary memory access vulnerability in the Quicktime for Java API provided with Quicktime 7. |
id | MSF:EXPLOIT/MULTI/BROWSER/QTJAVA_POINTER |
last seen | 2020-06-14 |
modified | 2017-07-24 |
published | 2007-05-29 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2175 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/qtjava_pointer.rb |
title | Apple QTJava toQTPointer() Arbitrary Memory Access |
Nessus
NASL family | Windows |
NASL id | QUICKTIME_716.NASL |
description | According to its version, the installation of QuickTime on the remote Windows host contains a bug that might allow a rogue Java program to write anywhere in the heap. An attacker may be able to leverage this issue to execute arbitrary code on the remote host by luring a victim into visiting a rogue page containing a malicious Java applet. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25123 |
published | 2007-05-02 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25123 |
title | QuickTime < 7.1.6 quicktime.util.QTHandleRef toQTPointer Method Arbitrary Code Execution (Windows) |
code

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(25123);
  script_version("1.15");

  script_cve_id("CVE-2007-2175");
  script_bugtraq_id(23608);

  script_name(english:"QuickTime < 7.1.6 quicktime.util.QTHandleRef toQTPointer Method Arbitrary Code Execution (Windows)");
  script_summary(english:"Checks version of QuickTime on Windows");

  script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains an application that is prone to multiple attacks." );
  script_set_attribute(attribute:"description", value: "According to its version, the installation of QuickTime on the remote Windows host contains a bug that might allow a rogue Java program to write anywhere in the heap. An attacker may be able to leverage this issue to execute arbitrary code on the remote host by luring a victim into visiting a rogue page containing a malicious Java applet." );
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/?artnum=305446" );
  script_set_attribute(attribute:"solution", value: "Upgrade to QuickTime version 7.1.6 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apple QTJava toQTPointer() Arbitrary Memory Access');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value: "2007/05/02");
  script_set_attribute(attribute:"vuln_publication_date", value: "2007/04/24");
  script_cvs_date("Date: 2018/11/15 20:50:28");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
  script_dependencies("quicktime_installed.nasl");
  script_require_keys("SMB/QuickTime/Version");
  exit(0);
}

ver = get_kb_item("SMB/QuickTime/Version");
if ( ver && ver =~ "^([0-6]\.|7\.(0\.|1\.[0-5]([^0-9]|$)))" )
  security_hole(get_kb_item("SMB/transport"));
```

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_QUICKTIME716.NASL |
description | According to its version, the installation of Quicktime on the remote Mac OS X host contains a bug which might allow a rogue Java program to write anywhere in the heap. An attacker may be able to leverage these issues to execute arbitrary code on the remote host by luring a victim into visiting a rogue page containing a malicious Java applet. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25122 |
published | 2007-05-02 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25122 |
title | Quicktime < 7.1.6 quicktime.util.QTHandleRef toQTPointer Method Arbitrary Code Execution (Mac OS X) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/82265/qtjava_pointer.rb.txt |
id | PACKETSTORM:82265 |
last seen | 2016-12-05 |
published | 2009-10-27 |
reporter | H D Moore |
source | https://packetstormsecurity.com/files/82265/Apple-QTJava-toQTPointer-Arbitrary-Memory-Access.html |
title | Apple QTJava toQTPointer() Arbitrary Memory Access |
References
- http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow
- http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/
- http://www.theregister.co.uk/2007/04/20/pwn-2-own_winner/
- http://www.matasano.com/log/812/breaking-macbook-vuln-in-quicktime-affects-win32-apple-code/
- http://www.securitytracker.com/id?1017950
- http://www.zerodayinitiative.com/advisories/ZDI-07-023.html
- http://docs.info.apple.com/article.html?artnum=305446
- http://lists.apple.com/archives/security-announce/2007/May/msg00001.html
- http://www.kb.cert.org/vuls/id/420668
- http://www.osvdb.org/34178
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33827
- http://www.securityfocus.com/archive/1/467319/100/0/threaded