Status Tracking Note TRTA07-005A

Apple QuickTime RTSP Buffer Overflow

Overview

Apple QuickTime contains a buffer overflow in the handling of RTSP URLs. This can allow a remote attacker to execute arbitrary code on a vulnerable system.

Event Information


Date (UTC) / Description

2007-01-05 21:49 US-CERT
TA07-005A: Apple QuickTime RTSP Buffer Overflow
Via US-CERT Mailing List

2007-01-03 02:00 US-CERT
Proof-of-Concept Code for a Vulnerability in Apple QuickTime
US-CERT is aware of proof-of-concept code for a buffer overflow vulnerability in Apple QuickTime. The flaw is in the way that QuickTime handles Real Time Streaming Protocol (RTSP) URL strings. By persuading a user to access a specially crafted QuickTime file, a remote attacker may be able to execute arbitrary code or cause a denial of service on a vulnerable system.

2007-01-03
Apple Quicktime (rtsp URL Handler) Buffer Overflow Exploit (win2k)
Proof-of-concept code for this vulnerability
#Cid: 21289.py
#Tested: Windows 2000 SP0 + Quicktime 7.1.3.100
#Tested: Windows 2000 SP4 + Quicktime 7.1.3.100

2007-01-03 SANS Internet Storm Center
Apple QuickTime RTSP URL Handler Vulnerability
The Month of the Apple bugs seems to have started. The first bug is in the handling of RTSP URLs within Quicktime, leading to arbitrary code execution on both Windows and Mac OS.

2007-01-01
MOAB-01-01-2007: Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow
A vulnerability exists in the handling of the rtsp:// URL handler.
Proof-of-concept code for this vulnerability (CVE-2007-0015)
#Cid: MOAB-01-01-2007.rb
#Tested: Mac OS X 10.4.8

2006-12-31 22:01 Symantec
ThreatCON (2) => (1)


Date first published (UTC): 2007-01-07T05:30+00:00
Date last updated (UTC): 2007-01-07T05:30+00:00