

QuickTime buffer overflow
Published: 02.12.2007
Source:
SecurityVulns ID: 8400
Type: client
Threat Level: 8/10
Description: Buffer overflow on RTSP response Content-Type header parsing.
Affected: APPLE : QuickTime 7.3
CVE: CVE-2007-6238 (Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166.)
 CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime 7.2 and 7.3 allows remote attackers to execute arbitrary code via a long Real Time Streaming Protocol (RTSP) Content-Type header.)
 CVE-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.)
Original document: Yag Kohha, QuickTime RTSP Response Content-type remote stack rewrite exploit (02.12.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-334A -- Apple QuickTime RTSP Buffer Overflow (02.12.2007)
Files: QuickTime RTSP Response Content-type remote stack rewrite exploit for IE 6/7
 Quicktime 7.3 RTSP Response Content-Type Header Stack Buffer Overflow exploit (metasploit)
 Apple QuickTime Player 7.3 / 7.2 IE7,FF /Opera, XP SP2, Vista exploit
 Apple Quicktime (Vista/XP Sp2 RTSP RESPONSE) Code Exec Exploit
 [SPSadvisory#46]Apple QuickTime Player "Content-Type" Buffer Overflow

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod