Published: 2007-12-01T13:29+00:00
Last Updated: 2007-12-16T14:55+00:00
TRTA07-334A
Apple QuickTime RTSP Buffer Overflow
Overview
Apple QuickTime contains a buffer overflow vulnerability in the way QuickTime processes Real Time Streaming Protocol (RTSP) streams. Exploitation of this vulnerability could allow an attacker to execute arbitrary code.
Event Information
Date (UTC) | Description |
2007-12-14 21:24 | SANS Internet Storm Center: QuickTime 7.3.1 released addresses RTSP vulnerability |
2007-12-14 12:33 | US-CERT: Apple Releases Security Update to Address Multiple Vulnerabilities in QuickTime (US-CERT Current Activity). Apple has released a Security Update to address multiple vulnerabilities in QuickTime. The impacts of these vulnerabilities include arbitrary code execution and denial of service. |
2007-12-13 | Apple: Article ID: 307176: About the security content of QuickTime 7.3.1 |
2007-12-11 | IBM Internet Security Systems: Apple QuickTime RTSP Content-Type Remote Code Execution. Apple QuickTime is vulnerable to a stack-based buffer overflow, caused by improper bounds checking of the Real Time Streaming Protocol (RTSP) Content-Type header. |
2007-11-30 15:28 | US-CERT: TA07-334A: Apple QuickTime RTSP Buffer Overflow (via US-CERT Mailing List) |
2007-11-30 07:54 | JPCERT/CC: JPCERT-AT-2007-0023: Zero-day vulnerability in Apple QuickTime |
2007-11-29 | Bugtraq: Apple QuickTime 7.2/7.3 RSTP Response Universal Exploit (win/osx) Vulnerability Proof Of Concept (CVE-2007-6166) #Cid: qtimertsp_redux.rb |
2007-11-27 | Bugtraq: Apple QuickTime 7.2/7.3 RSTP Response Universal Exploit (cool) Vulnerability Proof Of Concept (CVE-2007-6166) #Cid: 11272007-qt_public.tar.gz #Cid: 26549-qt_public.tar.gz #Tested: Windows Vista + Quicktime 7.2 #Tested: Windows Vista + Quicktime 7.3 #Tested: Windows XP PRO SP2 + Quicktime 7.2 #Tested: Windows XP PRO SP2 + Quicktime 7.3 |
2007-11-26 15:19 | US-CERT: Vulnerability in Apple QuickTime (US-CERT Current Activity). US-CERT is aware of publicly available exploit code for a vulnerability in Apple QuickTime. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition on an affected system. |
2007-11-26 | Bugtraq: Apple QuickTime 7.2/7.3 RTSP Response Universal Exploit (IE7/FF/Opera) Vulnerability Proof Of Concept (CVE-2007-6166) #Cid: 26549-uni2.py #QuickTime Player 7.3/7.2 (IE7/FF/Opera) on Windows Vista #QuickTime Player 7.3/7.2 (IE7/FF/Opera) on Windows XP Pro SP2 |
2007-11-26 | SANS Internet Storm Center: Apple QuickTime 7.3 RTSP Response 0day |
2007-11-25 10:45 | Symantec: Symantec Security Response Weblog: Zero-Day Exploit for Apple Quick Time Vulnerability. Proof of concept exploit code for a newly discovered vulnerability in Apple's QuickTime player has been made available to the public today. |
2007-11-25 | Bugtraq: Apple QuickTime 7.3 RTSP Response Universal Exploit (Vista / XP) Vulnerability Proof Of Concept (CVE-2007-6166) #Cid: 26549-uni.py #Tested: Windows Vista + Quicktime 7.3 |
2007-11-24 | Bugtraq: Apple Quicktime (Vista/XP RSTP Response) Remote Code Exec Vulnerability Proof Of Concept (CVE-2007-6166) #Cid: 26549.c #Tested: Windows Vista + Quicktime 7.2 #Tested: Windows Vista + Quicktime 7.3 #Tested: Windows XP PRO SP2 + Quicktime 7.2 #Tested: Windows XP PRO SP2 + Quicktime 7.3 |
2007-11-23 | Bugtraq: Apple QuickTime 7.3 RTSP Response 0day Remote SEH Overwrite PoC Exploit Vulnerability Proof Of Concept (CVE-2007-6166) #Cid: 26549.py #Tested: Windows XP SP2 + Quicktime 7.3 |