
QuickTime RTSP Content-Type header buffer overflow

Description

Added: 11/30/2007
CVE: [CVE-2007-6166](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166>)
BID: [26549](<http://www.securityfocus.com/bid/26549>)
OSVDB: [40876](<http://www.osvdb.org/40876>)

### Background

[QuickTime](<http://www.apple.com/quicktime/player/>) is a media player for Windows and Mac OS platforms.

### Problem

A buffer overflow vulnerability in QuickTime allows command execution when a user opens an RTSP stream containing a specially crafted Content-Type header.

### Resolution

[Upgrade](<http://www.apple.com/quicktime/download/>) to a version higher than 7.3 when available.

### References

<http://www.kb.cert.org/vuls/id/659761>

### Limitations

Exploit works on QuickTime 7.3 on Windows and QuickTime 7.1.3 on Mac OS 10.4.8 and requires a user to open the exploit in QuickTime.

### Platforms

Windows
Mac OS X

