Apple QuickTime RTSP Response Crafted Content-Type Header Buffer Overflow

• Email
• Facebook
• 
  Twitter
• Google+
• Linkedin

  Severity: CRITICAL

  CVE Identifier: CVE-2007-6166

  Advisory Date: JUL 21, 2015

---

  DESCRIPTION

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1001197

  Trend Micro Deep Security DPI Rule Name: 1001197 - Apple QuickTime RTSP Response Header Content-Length Remote Buffer Overflow

  AFFECTED SOFTWARE AND VERSION

• apple quicktime 3
• apple quicktime 4.1.2
• apple quicktime 5.0
• apple quicktime 5.0.1
• apple quicktime 5.0.2
• apple quicktime 6.0
• apple quicktime 6.1
• apple quicktime 6.5
• apple quicktime 6.5.1
• apple quicktime 6.5.2
• apple quicktime 7.0
• apple quicktime 7.0.1
• apple quicktime 7.0.2
• apple quicktime 7.0.3
• apple quicktime 7.0.4
• apple quicktime 7.0.8
• apple quicktime 7.1
• apple quicktime 7.1.1
• apple quicktime 7.1.2
• apple quicktime 7.1.3
• apple quicktime 7.1.4
• apple quicktime 7.1.5
• apple quicktime 7.1.6
• apple quicktime 7.2
• apple quicktime 7.3