Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2007-6166

Published: 29/11/2007 Updated: 30/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 970
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Apple

Vulnerability Summary

Stack-based buffer overflow in Apple QuickTime prior to 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

Vulnerable Product Search on Vulmon Subscribe to Product

apple quicktime 7.0.1

apple quicktime 6.5.1

apple quicktime 5.0

apple quicktime 6.0

apple quicktime 7.1.4

apple quicktime 3.0

apple quicktime 7.0.4

apple quicktime 7.1.1

apple quicktime 7.0.3

apple quicktime 7.1.2

apple quicktime

apple quicktime 4.1.2

apple quicktime 7.0.2

apple quicktime -

apple quicktime 5.0.1

apple quicktime 6.5

apple quicktime 7.1.3

apple quicktime 7.1.6

apple quicktime 7.0

apple quicktime 6.5.2

apple quicktime 6.1

apple quicktime 5.0.2

apple quicktime 7.1

apple quicktime 7.1.5

apple quicktime 7.2

apple safari

Exploits

Exploit DB: Apple QuickTime 7.3 - RTSP Response Header Buffer Overflow (Metasploit)
## # $Id: apple_quicktime_rtsp_responserb 9262 2010-05-09 17:45:00Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## class Metasp ...
Exploit DB: Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow (Perl)
# Exploit Title: Apple QuickTime 72/73 RTSP BOF (Perl) # Date: 2009-01-06 # Author: Jacky # Software Link: [downoad link if available] # Version: 72/73 # Tested on: Windows XP SP3 # CVE : [if exists] # Code : #Apple QuickTime 72/73 RTSP BOF (Perl Edition ) #Discovered by (Krystian Kloskowski (h07) <h07@interiapl>) #Written and coded by ...
Exploit DB: Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow
#!/usr/bin/perl # # quickbitepl # # Safari + Quicktime <= 73 RTSP Content-Type overflow exploit # for Mac OS X (Intel) # # Tested with OS X 104 # On victim, browse to server:8080/ # Binds shell on port 4444 # # by krafty # # greets to sk, halvar, grugq, and all the ethnical hackers # extra thanks to ddz for osx hackery # sec-con gre ...
Exploit DB: Apple QuickTime 7.2/7.3 - RSTP Response Universal
___ Everyone Loves O|0_+|O the Hypnotoad || | | =o0O=====O0o=============================== | QuickTime RTSP Response Content-type | | remote stack rewrite exploit for IE 6/7 | | by Yag Kohha (skyhole [at] gmailcom) | =========================================== Exploit tested on: - W ...
Exploit DB: Apple QuickTime (Mac OSX) - RTSP Content-Type Overflow (Metasploit)
## # $Id: quicktime_rtsp_content_typerb 10617 2010-10-09 06:55:52Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/ ...
Exploit DB: Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH)
#!/usr/bin/python # Apple QuickTime 73 RTSP Response 0day Remote SEH Overwrite PoC Exploit # Bug discovered by Krystian Kloskowski (h07) <h07@interiapl> # Tested on: Apple QuickTime Player 73 / XP SP2 Polish # Details: # # (RTSP) Content-Type: [A * 995] + [B * 4096]\r\n # # 0x41414141 Pointer to next SEH record # 0x42424242 SE handler ...
Exploit DB: Apple QuickTime 7.2/7.3 (Internet Explorer 7 / Firefox / Opera) - RTSP Response Universal
#!/usr/bin/python ########################################################################## # wwwoffensive-securitycom # Bug discovered by Krystian Kloskowski (h07) <h07@interiapl> # Tested on: Apple QuickTime Player 73 / 72 IE7,FF /Opera, XP SP2, Vista # This exploit is completely "Universal" It has also been modded to work ...
Exploit DB: Apple QuickTime 7.2/7.3 (Windows Vista/XP) - RSTP Response Code Execution
/* ============================================================= Apple Quicktime (Vista/XP RSTP Response) Remote Code Exec ============================================================= Discovered by: h07 Author: InTeL *Tested on: - Quicktime 73 on Windows Vista, Result: SEH Overwrite, Code Exec - Quicktime 72 on Windows Vista, Result: SEH ...

References

CWE-119http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_controlhttp://www.kb.cert.org/vuls/id/659761http://www.securityfocus.com/bid/26549http://www.securitytracker.com/id?1018989http://secunia.com/advisories/27755http://docs.info.apple.com/article.html?artnum=307176http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-334A.htmlhttp://www.securityfocus.com/bid/26560http://security.gentoo.org/glsa/glsa-200803-08.xmlhttp://secunia.com/advisories/29182http://securityreason.com/securityalert/3410http://www.vupen.com/english/advisories/2007/3984https://exchange.xforce.ibmcloud.com/vulnerabilities/38604https://www.exploit-db.com/exploits/6013https://www.exploit-db.com/exploits/4648https://nvd.nist.govhttps://www.exploit-db.com/exploits/16424/https://www.kb.cert.org/vuls/id/659761
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook