Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2007-6166
Last Modified 04 Aug 2011 12:00:00
Published 28 Nov 2007 08:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6166

Summary

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

Vulnerable Systems

Application

  • Apple Quicktime 3

  • Apple Quicktime 4.1.2

  • Apple Quicktime 5.0

  • Apple Quicktime 5.0.1

  • Apple Quicktime 5.0.2

  • Apple Quicktime 6.0

  • Apple Quicktime 6.1

  • Apple Quicktime 6.5

  • Apple Quicktime 6.5.1

  • Apple Quicktime 6.5.2

  • Apple Quicktime 7.0

  • Apple Quicktime 7.0.1

  • Apple Quicktime 7.0.2

  • Apple Quicktime 7.0.3

  • Apple Quicktime 7.0.4

  • Apple Quicktime 7.0.8

  • Apple Quicktime 7.1

  • Apple Quicktime 7.1.1

  • Apple Quicktime 7.1.2

  • Apple Quicktime 7.1.3

  • Apple Quicktime 7.1.4

  • Apple Quicktime 7.1.5

  • Apple Quicktime 7.1.6

  • Apple Quicktime 7.2

  • Apple Quicktime 7.3

  • Apple Safari


References

CERT - TA07-334A

CERT-VN - VU#659761

XF - quicktime-rtsp-contenttype-bo(38604)

VUPEN - ADV-2007-3984

SECTRACK - 1018989

BID - 26560

BID - 26549

MILW0RM - 6013

MILW0RM - 4648

MISC - http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control

SREASON - 3410

GENTOO - GLSA-200803-08

SECUNIA - 29182

SECUNIA - 27755

APPLE - APPLE-SA-2007-12-13

MISC - http://docs.info.apple.com/article.html?artnum=307176

Related Patches

Apple 2007-12-13 QuickTime 7.3.1 for Panther

Apple 2007-12-13 QuickTime 7.3.1 for Leopard

Apple 2007-12-13 QuickTime 7.3.1 for Tiger


Last Updated: 27 May 2016 10:46:24