CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence: Low
EPSS
Percentile: 99.7%
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
Vendor | Product | Version | CPE |
---|---|---|---|
apple | quicktime | * | cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:* |
apple | quicktime | - | cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:* |
apple | quicktime | 3.0 | cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:* |
apple | quicktime | 4.1.2 | cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:* |
apple | quicktime | 5.0 | cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:* |
apple | quicktime | 5.0.1 | cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:* |
apple | quicktime | 5.0.2 | cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:* |
apple | quicktime | 6.0 | cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:* |
apple | quicktime | 6.1 | cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:* |
apple | quicktime | 6.5 | cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:* |
docs.info.apple.com/article.html?artnum=307176
lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html
secunia.com/advisories/27755
secunia.com/advisories/29182
security.gentoo.org/glsa/glsa-200803-08.xml
securityreason.com/securityalert/3410
www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control
www.kb.cert.org/vuls/id/659761
www.securityfocus.com/bid/26549
www.securityfocus.com/bid/26560
www.securitytracker.com/id?1018989
www.us-cert.gov/cas/techalerts/TA07-334A.html
www.vupen.com/english/advisories/2007/3984
exchange.xforce.ibmcloud.com/vulnerabilities/38604
www.exploit-db.com/exploits/4648
www.exploit-db.com/exploits/6013