CVE-2007-6166

EPSS 41.9%

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

Affected products

n/a · n/a

public PoCs found — 8

cve_referencewww.exploit-db.com/exploits/4648unverified exploitdbwww.exploit-db.com/exploits/16873unverified cve_referencewww.exploit-db.com/exploits/6013unverified exploitdbwww.exploit-db.com/exploits/4657unverified exploitdbwww.exploit-db.com/exploits/4651unverified exploitdbwww.exploit-db.com/exploits/11027unverified exploitdbwww.exploit-db.com/exploits/16424unverified exploitdbwww.exploit-db.com/exploits/4664unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://docs.info.apple.com/article.html?artnum=307176 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html http://secunia.com/advisories/27755 http://secunia.com/advisories/29182 http://security.gentoo.org/glsa/glsa-200803-08.xml http://securityreason.com/securityalert/3410 https://exchange.xforce.ibmcloud.com/vulnerabilities/38604 https://www.exploit-db.com/exploits/4648 https://www.exploit-db.com/exploits/6013 http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control http://www.kb.cert.org/vuls/id/659761 http://www.securityfocus.com/bid/26549