Vulnerability Report

CVE-2007-3944

Title: Apple Webkit RCE

Memory Corruption

Proof Of Concept

No public PoC currently indexed for CVE-2007-3944.

CWE Category CWE-119

Published Date Jul 23, 2007

Modified Date Jun 16, 2026

Exploit Status Not Found

Score 9.3 CVSS v2.0

Exploit Probability (EPSS)

6.53%

Vulnerability Summary

CVE-2007-3944: Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.

Impacted Vendors

apple 2

webkit 1

Reference Links

http://docs.info.apple.com/article.html?artnum=306173 http://docs.info.apple.com/article.html?artnum=306174 http://secunia.com/advisories/26287 http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin http://www.securityevaluators.com/iphone/ http://www.securityevaluators.com/iphone/exploitingiphone.pdf http://www.securityfocus.com/bid/25002 http://www.securitytracker.com/id?1018439 http://www.vupen.com/english/advisories/2007/2730 http://www.vupen.com/english/advisories/2007/2731 https://exchange.xforce.ibmcloud.com/vulnerabilities/35577 http://docs.info.apple.com/article.html?artnum=306173 http://docs.info.apple.com/article.html?artnum=306174 http://secunia.com/advisories/26287 http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin http://www.securityevaluators.com/iphone/ http://www.securityevaluators.com/iphone/exploitingiphone.pdf http://www.securityfocus.com/bid/25002 http://www.securitytracker.com/id?1018439 http://www.vupen.com/english/advisories/2007/2730 http://www.vupen.com/english/advisories/2007/2731 https://exchange.xforce.ibmcloud.com/vulnerabilities/35577

CVSS v2.0

Source Entity [email protected]

Severity HIGH

9.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2007-3944 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

June 16, 2026 MODIFIED

Vulnerability data updated via NVD.

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

July 23, 2007 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.