QuickTime RTSP Content-Type header buffer overflow

2007-11-30T00:00:00
ID SAINT:DA8357CEAC32D4546B288334AD70152C
Type saint
Reporter SAINT Corporation
Modified 2007-11-30T00:00:00

Description

Added: 11/30/2007
CVE: CVE-2007-6166
BID: 26549
OSVDB: 40876

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

A buffer overflow vulnerability in QuickTime allows command execution when a user opens an RTSP stream containing a specially crafted Content-Type header.

Resolution

Upgrade to a version higher than 7.3 when available.

References

<http://www.kb.cert.org/vuls/id/659761>

Limitations

Exploit works on QuickTime 7.3 on Windows and QuickTime 7.1.3 on Mac OS 10.4.8 and requires a user to open the exploit in QuickTime.

Platforms

Windows
Mac OS X