CVE-2007-6166 Information

Description

Stack-based buffer overflow in Apple QuickTime before 7.3.1 as used in QuickTime Player on Windows XP and Safari on Mac OS X allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

Reference

http://docs.info.apple.com/article.html?artnum=307176 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html http://secunia.com/advisories/27755 http://secunia.com/advisories/29182 http://security.gentoo.org/glsa/glsa-200803-08.xml http://securityreason.com/securityalert/3410 http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control http://www.kb.cert.org/vuls/id/659761 http://www.securityfocus.com/bid/26549 http://www.securityfocus.com/bid/26560 http://www.securitytracker.com/id?1018989 http://www.us-cert.gov/cas/techalerts/TA07-334A.html http://www.vupen.com/english/advisories/2007/3984 https://exchange.xforce.ibmcloud.com/vulnerabilities/38604 https://www.exploit-db.com/exploits/4648 https://www.exploit-db.com/exploits/6013