Vulnerability Name: | CVE-2007-6166 (CCN-38604) |
Assigned: | 2007-11-23 |
Published: | 2007-11-23 |
Updated: | 2018-10-30 |
Summary: | Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
|
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Changed |
Impact Metrics: | Confidentiality (C): High; Integrity (I): High; Availability (A): High |
|
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) |
 | 7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete |
 | 9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) |
 | 7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete |
|
Vulnerability Type: | CWE-119
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2007-6166
Source: MISC Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=307176
Source: APPLE Type: UNKNOWN APPLE-SA-2007-12-13
Source: CCN Type: SA27755 Apple QuickTime RTSP "Content-Type" Header Buffer Overflow
Source: SECUNIA Type: Vendor Advisory 27755
Source: SECUNIA Type: Vendor Advisory 29182
Source: GENTOO Type: UNKNOWN GLSA-200803-08
Source: SREASON Type: UNKNOWN 3410
Source: CCN Type: SECTRACK ID: 1018989 QuickTime Buffer Overflow in Processing RTSP Content-Type Header Values Lets Remote Users Execute Arbitrary Code
Source: CCN Type: Sunnet Beskerming Security Portal QuickTime - Remote hacker automatic control
Source: MISC Type: UNKNOWN http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control
Source: CCN Type: GLSA-200803-08 Win32 binary codecs: Multiple vulnerabilities
Source: CCN Type: IBM Internet Security Systems Protection Alert Dec 11, 2007 Apple QuickTime RTSP Content-Type Remote Code Execution
Source: CCN Type: US-CERT VU#659761 Apple QuickTime RTSP Content-Type header stack buffer overflow
Source: CERT-VN Type: US Government Resource VU#659761
Source: CCN Type: OSVDB ID: 40876 Apple QuickTime RTSP Content-Type Header Processing Overflow
Source: CCN Type: OSVDB ID: 42307 Apple Quicktime Unspecified Overflow
Source: BID Type: UNKNOWN 26549
Source: CCN Type: BID-26549 Apple QuickTime RTSP Response Header Content-Type Remote Stack Based Buffer Overflow Vulnerability
Source: BID Type: UNKNOWN 26560
Source: CCN Type: BID-26560 RETIRED: Apple QuickTime RTSP Response Header Content-Length Remote Buffer Overflow Vulnerability
Source: SECTRACK Type: UNKNOWN 1018989
Source: CERT Type: US Government Resource TA07-334A
Source: VUPEN Type: Vendor Advisory ADV-2007-3984
Source: XF Type: UNKNOWN quicktime-rtsp-contenttype-bo(38604)
Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [01-06-2010]
Source: EXPLOIT-DB Type: UNKNOWN 4648
Source: EXPLOIT-DB Type: UNKNOWN 6013
Source: CCN Type: Rapid7 Vulnerability and Exploit Database [11-23-2007] MacOS X QuickTime RTSP Content-Type Overflow
Source: CCN Type: Rapid7 Vulnerability and Exploit Database [11-23-2007] Apple QuickTime 7.3 RTSP Response Header Buffer Overflow
|
Vulnerable Configuration: |
Configuration 1:
cpe:/a:apple:quicktime:-:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:3.0:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:4.1.2:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:5.0:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:5.0.1:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:5.0.2:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:6.0:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:6.1:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:6.5:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:6.5.1:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:6.5.2:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.0:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.0.1:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.0.2:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.0.3:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.0.4:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.1:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.1.1:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.1.2:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.1.3:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.1.4:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.1.5:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.1.6:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.2:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:*:*:*:*:*:*:*:* (Version <= 7.3)
AND
cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

Configuration 2:
cpe:/a:apple:safari:*:*:*:*:*:*:*:*
AND
cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*

Configuration CCN 1:
cpe:/a:apple:quicktime:7.2:*:*:*:*:*:*:* OR
cpe:/a:apple:quicktime:7.3:*:*:*:*:*:*:*
AND
cpe:/o:gentoo:linux:-:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:* OR
cpe:/o:microsoft:windows_vista:-:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:* OR
cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*