CVE-2007-6166: Buffer Overflow
First published: Thu Nov 29 2007(Updated: )
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple QuickTime | <=7.3 | |
| Apple QuickTime | ||
| Apple QuickTime | =3.0 | |
| Apple QuickTime | =4.1.2 | |
| Apple QuickTime | =5.0 | |
| Apple QuickTime | =5.0.1 | |
| Apple QuickTime | =5.0.2 | |
| Apple QuickTime | =6.0 | |
| Apple QuickTime | =6.1 | |
| Apple QuickTime | =6.5 | |
| Apple QuickTime | =6.5.1 | |
| Apple QuickTime | =6.5.2 | |
| Apple QuickTime | =7.0 | |
| Apple QuickTime | =7.0.1 | |
| Apple QuickTime | =7.0.2 | |
| Apple QuickTime | =7.0.3 | |
| Apple QuickTime | =7.0.4 | |
| Apple QuickTime | =7.1 | |
| Apple QuickTime | =7.1.1 | |
| Apple QuickTime | =7.1.2 | |
| Apple QuickTime | =7.1.3 | |
| Apple QuickTime | =7.1.4 | |
| Apple QuickTime | =7.1.5 | |
| Apple QuickTime | =7.1.6 | |
| Apple QuickTime | =7.2 | |
| Microsoft Windows Vista | ||
| Microsoft Windows XP | =sp2 | |
| Apple Mobile Safari | ||
| Apple iOS and macOS | =10.3.9 | |
| Apple iOS and macOS | =10.4.9 | |
| Apple iOS and macOS | =10.5 | |
| Apple iOS and macOS | =10.5.0 | |
| Apple iOS and macOS | =10.5.1 | |
| Apple iOS and macOS | =10.5.2 | |
| Apple iOS and macOS | =10.5.3 | |
| Apple iOS and macOS | =10.5.4 | |
| Apple iOS and macOS | =10.5.5 | |
| Apple iOS and macOS | =10.5.6 | |
| Apple iOS and macOS | =10.5.7 | |
| Apple iOS and macOS | =10.5.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control
- http://www.kb.cert.org/vuls/id/659761
- http://www.securityfocus.com/bid/26549
- http://www.securitytracker.com/id?1018989
- http://secunia.com/advisories/27755
- http://docs.info.apple.com/article.html?artnum=307176
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html
- http://www.us-cert.gov/cas/techalerts/TA07-334A.html
- http://www.securityfocus.com/bid/26560
- http://security.gentoo.org/glsa/glsa-200803-08.xml
- http://secunia.com/advisories/29182
- http://securityreason.com/securityalert/3410
- http://www.vupen.com/english/advisories/2007/3984
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38604
- https://www.exploit-db.com/exploits/6013
- https://www.exploit-db.com/exploits/4648
Frequently Asked Questions
What is the severity of CVE-2007-6166?
CVE-2007-6166 has a high severity rating due to the potential for remote code execution.
How do I fix CVE-2007-6166?
The recommended fix for CVE-2007-6166 is to upgrade Apple QuickTime to version 7.3.1 or later.
Which versions of Apple QuickTime are affected by CVE-2007-6166?
CVE-2007-6166 affects all versions of Apple QuickTime prior to version 7.3.1.
What type of vulnerability is CVE-2007-6166 classified as?
CVE-2007-6166 is classified as a stack-based buffer overflow vulnerability.
Can CVE-2007-6166 affect users on Windows Vista?
No, CVE-2007-6166 does not affect users on Windows Vista or later operating systems.
- collector/nvd-historical
- agent/references
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple quicktime
- version/apple quicktime/7.3
- version/apple quicktime/3.0
- version/apple quicktime/4.1.2
- version/apple quicktime/5.0
- version/apple quicktime/5.0.1
- version/apple quicktime/5.0.2
- version/apple quicktime/6.0
- version/apple quicktime/6.1
- version/apple quicktime/6.5
- version/apple quicktime/6.5.1
- version/apple quicktime/6.5.2
- version/apple quicktime/7.0
- version/apple quicktime/7.0.1
- version/apple quicktime/7.0.2
- version/apple quicktime/7.0.3
- version/apple quicktime/7.0.4
- version/apple quicktime/7.1
- version/apple quicktime/7.1.1
- version/apple quicktime/7.1.2
- version/apple quicktime/7.1.3
- version/apple quicktime/7.1.4
- version/apple quicktime/7.1.5
- version/apple quicktime/7.1.6
- version/apple quicktime/7.2
- vendor/microsoft
- canonical/microsoft windows vista
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- canonical/apple mobile safari
- canonical/apple ios and macos
- version/apple ios and macos/10.3.9
- version/apple ios and macos/10.4.9
- version/apple ios and macos/10.5
- version/apple ios and macos/10.5.0
- version/apple ios and macos/10.5.1
- version/apple ios and macos/10.5.2
- version/apple ios and macos/10.5.3
- version/apple ios and macos/10.5.4
- version/apple ios and macos/10.5.5
- version/apple ios and macos/10.5.6
- version/apple ios and macos/10.5.7
- version/apple ios and macos/10.5.8