CVE Vulnerability

CVE-2007-6166

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control
http://www.kb.cert.org/vuls/id/659761 US Government Resource
http://www.securityfocus.com/bid/26549
http://www.securitytracker.com/id?1018989
http://secunia.com/advisories/27755 Vendor Advisory
http://docs.info.apple.com/article.html?artnum=307176
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html
http://www.us-cert.gov/cas/techalerts/TA07-334A.html US Government Resource
http://www.securityfocus.com/bid/26560
http://security.gentoo.org/glsa/glsa-200803-08.xml
http://secunia.com/advisories/29182 Vendor Advisory
http://securityreason.com/securityalert/3410
http://www.vupen.com/english/advisories/2007/3984 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38604
https://www.exploit-db.com/exploits/6013
https://www.exploit-db.com/exploits/4648
Configurations

Configuration 1
Information

Published : 2007-11-29 01:46

Updated : 2018-10-30 04:25

NVD link : CVE-2007-6166

Mitre link : CVE-2007-6166

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer