Apple QuickTime RTSP Response Reason-Phrase Remote Buffer Overflow Vulnerability
Gravité: : Critique
Identifiant(s) CVE: : CVE-2008-0234
Date du conseil: 21 juillet 2015
Description
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1001287
Trend Micro Deep Security DPI Rule Name: 1001287 - Apple QuickTime Player Buffer Overflow
Affected software and version:
- apple quicktime 7.3.1.70
- apple quicktime 7.4