QuickTime RTSP Content-Type header buffer overflow

Added: 11/30/2007
CVE: CVE-2007-6166
BID: 26549
OSVDB: 40876

Background

QuickTime is a media player for Windows and Mac OS platforms.

Problem

A buffer overflow vulnerability in QuickTime allows command execution when a user opens an RTSP stream containing a specially crafted Content-Type header.

Resolution

Upgrade to a version higher than 7.3 when available.

References

http://www.kb.cert.org/vuls/id/659761

Limitations

The exploit works on QuickTime 7.3 on Windows and on QuickTime 7.1.3 on Mac OS 10.4.8. It requires a user to open the exploit in QuickTime.

Platforms

Windows
Mac OS X
