Status Tracking Note TRTA07-005A

Apple QuickTime RTSP Buffer Overflow

Apple QuickTime contains a buffer overflow in the handling of RTSP URLs. This can allow a remote attacker to execute arbitrary code on a vulnerable system.

Event Information

Date (UTC)	Description
2007-01-05 21:49	US-CERT TA07-005A: Apple QuickTime RTSP Buffer Overflow Via US-CERT Mailing List
2007-01-03 02:00	US-CERT Proof-of-Concept Code for a Vulnerability in Apple QuickTime US-CERT is aware of proof-of-concept code for a buffer overflow vulnerability in Apple QuickTime. The flaw is in the way that QuickTime handles Real Time Streaming Protocol (RTSP) URL strings. By persuading a user to access a specially crafted QuickTime file, a remote attacker may be able to execute arbitrary code or cause a denial of service on a vulnerable system.
2007-01-03	Apple Quicktime (rtsp URL Handler) Buffer Overflow Exploit (win2k) a proof-of-concept code for this vulnerability #Cid: 21289.py #Tested: Windows 2000 SP0 + Quicktime 7.1.3.100 #Tested: Windows 2000 SP4 + Quicktime 7.1.3.100
2007-01-03	SANS Internet Storm Center Apple QuickTime RTSP URL Handler Vulnerability The Month of the Apple bugs seems to have started. The first bug is in the handling of RTSP URL's within Quicktime, leading to arbitrary code execution on both Windows and Mac OS.
2007-01-01	MOAB-01-01-2007: Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow A vulnerability exists in the handling of the rtsp:// URL handler. a proof-of-concept code for this vulnerability (CVE-2007-0015) #Cid: MOAB-01-01-2007.rb #Tested: Mac OS X 10.4.8
2006-12-31 22:01	Symantec ThreatCON (2) => (1)


Date first published (UTC):	2007-01-07T05:30+00:00
Date last updated (UTC):	2007-01-07T05:30+00:00