CVE-2007-6166: Buffer Overflow
First published: Thu Nov 29 2007(Updated: )
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple QuickTime Player | <=7.3 | |
| Apple QuickTime Player | ||
| Apple QuickTime Player | =3.0 | |
| Apple QuickTime Player | =4.1.2 | |
| Apple QuickTime Player | =5.0 | |
| Apple QuickTime Player | =5.0.1 | |
| Apple QuickTime Player | =5.0.2 | |
| Apple QuickTime Player | =6.0 | |
| Apple QuickTime Player | =6.1 | |
| Apple QuickTime Player | =6.5 | |
| Apple QuickTime Player | =6.5.1 | |
| Apple QuickTime Player | =6.5.2 | |
| Apple QuickTime Player | =7.0 | |
| Apple QuickTime Player | =7.0.1 | |
| Apple QuickTime Player | =7.0.2 | |
| Apple QuickTime Player | =7.0.3 | |
| Apple QuickTime Player | =7.0.4 | |
| Apple QuickTime Player | =7.1 | |
| Apple QuickTime Player | =7.1.1 | |
| Apple QuickTime Player | =7.1.2 | |
| Apple QuickTime Player | =7.1.3 | |
| Apple QuickTime Player | =7.1.4 | |
| Apple QuickTime Player | =7.1.5 | |
| Apple QuickTime Player | =7.1.6 | |
| Apple QuickTime Player | =7.2 | |
| Microsoft Windows Vista | ||
| Microsoft Windows XP | =sp2 | |
| Apple Safari | ||
| Apple Mac OS X | =10.3.9 | |
| Apple Mac OS X | =10.4.9 | |
| Apple Mac OS X | =10.5 | |
| Apple Mac OS X | =10.5.0 | |
| Apple Mac OS X | =10.5.1 | |
| Apple Mac OS X | =10.5.2 | |
| Apple Mac OS X | =10.5.3 | |
| Apple Mac OS X | =10.5.4 | |
| Apple Mac OS X | =10.5.5 | |
| Apple Mac OS X | =10.5.6 | |
| Apple Mac OS X | =10.5.7 | |
| Apple Mac OS X | =10.5.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control
- http://www.kb.cert.org/vuls/id/659761
- http://www.securityfocus.com/bid/26549
- http://www.securitytracker.com/id?1018989
- http://secunia.com/advisories/27755
- http://docs.info.apple.com/article.html?artnum=307176
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html
- http://www.us-cert.gov/cas/techalerts/TA07-334A.html
- http://www.securityfocus.com/bid/26560
- http://security.gentoo.org/glsa/glsa-200803-08.xml
- http://secunia.com/advisories/29182
- http://securityreason.com/securityalert/3410
- http://www.vupen.com/english/advisories/2007/3984
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38604
- https://www.exploit-db.com/exploits/6013
- https://www.exploit-db.com/exploits/4648
- collector/nvd-historical
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple quicktime player
- version/apple quicktime player/7.3
- version/apple quicktime player/3.0
- version/apple quicktime player/4.1.2
- version/apple quicktime player/5.0
- version/apple quicktime player/5.0.1
- version/apple quicktime player/5.0.2
- version/apple quicktime player/6.0
- version/apple quicktime player/6.1
- version/apple quicktime player/6.5
- version/apple quicktime player/6.5.1
- version/apple quicktime player/6.5.2
- version/apple quicktime player/7.0
- version/apple quicktime player/7.0.1
- version/apple quicktime player/7.0.2
- version/apple quicktime player/7.0.3
- version/apple quicktime player/7.0.4
- version/apple quicktime player/7.1
- version/apple quicktime player/7.1.1
- version/apple quicktime player/7.1.2
- version/apple quicktime player/7.1.3
- version/apple quicktime player/7.1.4
- version/apple quicktime player/7.1.5
- version/apple quicktime player/7.1.6
- version/apple quicktime player/7.2
- vendor/microsoft
- canonical/microsoft windows vista
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- canonical/apple safari
- canonical/apple mac os x
- version/apple mac os x/10.3.9
- version/apple mac os x/10.4.9
- version/apple mac os x/10.5
- version/apple mac os x/10.5.0
- version/apple mac os x/10.5.1
- version/apple mac os x/10.5.2
- version/apple mac os x/10.5.3
- version/apple mac os x/10.5.4
- version/apple mac os x/10.5.5
- version/apple mac os x/10.5.6
- version/apple mac os x/10.5.7
- version/apple mac os x/10.5.8