Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:E2991C06E228232657FD9557DE48978F
HistoryNov 30, 2007 - 12:00 a.m.

QuickTime RTSP Content-Type header buffer overflow

2007-11-3000:00:00
SAINT Corporation
download.saintcorporation.com
10

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Added: 11/30/2007
CVE: CVE-2007-6166
BID: 26549
OSVDB: 40876

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

A buffer overflow vulnerability in QuickTime allows command execution when a user opens an RTSP stream containing a specially crafted Content-Type header.

Resolution

Upgrade to a version higher than 7.3 when available.

References

<http://www.kb.cert.org/vuls/id/659761&gt;

Limitations

Exploit works on QuickTime 7.3 on Windows and QuickTime 7.1.3 on Mac OS 10.4.8 and requires a user to open the exploit in QuickTime.

Platforms

Windows
Mac OS X

Related

packetstorm 1
saint 3
canvas 1
cert 1
checkpoint_advisories 1
prion 2
cve 2
nessus 3
securityvulns 1
openvas 1
gentoo 1
packetstorm
packetstorm
Apple QuickTime 7.3 RTSP Response Header Buffer Overflow
2009-11-26 00:00:00
saint
saint
QuickTime RTSP Content-Type header buffer overflow
2007-11-30 00:00:00
QuickTime RTSP Content-Type header buffer overflow
2007-11-30 00:00:00
QuickTime RTSP Content-Type header buffer overflow
2007-11-30 00:00:00
canvas
canvas
Immunity Canvas: QT73_RTSP
2007-11-29 01:46:00
cert
cert
Apple QuickTime RTSP Content-Type header stack buffer overflow
2007-11-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple QuickTime RTSP Response Crafted Content-Type Header Buffer Overflow (CVE-2007-6166)
2007-11-27 00:00:00
prion
prion
Stack overflow
2007-11-29 01:46:00
Information disclosure
2007-12-04 18:46:00
cve
cve
CVE-2007-6166
2007-11-29 01:46:00
CVE-2007-6238
2007-12-04 18:46:00
nessus
nessus
QuickTime < 7.3.1 Multiple Vulnerabilities (Windows)
2007-12-14 00:00:00
QuickTime < 7.3.1 Multiple Vulnerabilities (Mac OS X)
2007-12-14 00:00:00
GLSA-200803-08 : Win32 binary codecs: Multiple vulnerabilities
2008-03-07 00:00:00
securityvulns
securityvulns
AuickTime buffer overflow
2007-12-02 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200803-08 (win32codecs)
2008-09-24 00:00:00
gentoo
gentoo
Win32 binary codecs: Multiple vulnerabilities
2008-03-04 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON
Related for SAINT:E2991C06E228232657FD9557DE48978F
packetstorm1saint3canvas1cert1checkpoint_advisories1prion2cve2nessus3securityvulns1openvas1gentoo1