Buffer overflow vulnerability in Apple QuickTime RTSP handling
http://jvn.jp/tr/TRTA07-334A
JVNRSS based Status Tracking Notes: Apple QuickTime contains a buffer overflow vulnerability in its handling of Real Time Streaming Protocol (RTSP) streams.
JVNRSS Feasibility Study Team
jvn@jvn.jp
TRTA07-334A
2007-12-16T23:55+09:00 2007-12-01T22:29+09:00 2007-12-16T23:55+09:00

QuickTime 7.3.1 released addresses RTSP vulnerability
http://isc.sans.org/diary.html?storyid=3746
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
2007-12-14T21:24+00:00 2007-12-14T21:24+00:00 2007-12-14T21:24+00:00

Apple Releases Security Update to Address Multiple Vulnerabilities in QuickTime
http://www.us-cert.gov/current/archive/2007/12/14/archive.html#apple_releases_security_update_to6
Security update reported as US-CERT Current Activity
US-CERT
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
2007-12-14T08:33-04:00 2007-12-14T08:33-04:00 2007-12-14T08:33-04:00

About the QuickTime vulnerabilities (12/14)
http://www.cyberpolice.go.jp/important/2007/20071214_142118.html
@police
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4707
2007-12-14T14:21+09:00 2007-12-14T14:21+09:00 2007-12-14T14:21+09:00

About the security content of QuickTime 7.3.1
http://docs.info.apple.com/article.html?artnum=307176-ja
Apple
Article ID: 307176
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4707
2007-12-13 2007-12-13 2007-12-13

Remote code execution via RTSP Content-Type in Apple Quick Time
http://www.isskk.co.jp/support/techinfo/general/apple_quick_time_281.html
IBM Internet Security Systems
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
http://xforce.iss.net/xforce/xfdb/38604
2007-12-12T06:24+00:00 2007-12-12T06:24+00:00 2007-12-12T06:24+00:00

Apple QuickTime RTSP Buffer Overflow
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
Technical Cyber Security Alert received via the US-CERT mailing list
US-CERT
TA07-334A
http://www.uscert.gov/cas/techalerts/TA07-334A.html
2007-11-30T10:28-05:00 2007-11-30T10:28-05:00 2007-11-30T10:28-05:00

Alert regarding an unpatched vulnerability in Apple QuickTime
http://www.jpcert.or.jp/at/2007/at070023.txt
JPCERT/CC
JPCERT-AT-2007-0023
http://www.kb.cert.org/vuls/id/659761
http://www.uscert.gov/cas/techalerts/TA07-334A.html
2007-11-30T07:54+00:00 2007-11-30T07:54+00:00 2007-11-30T07:54+00:00

Apple QuickTime 7.2/7.3 RSTP Response Universal Exploit (win/osx)
http://www.securityfocus.com/bid/26549?jvntrev=5
Report on proof-of-concept code for the vulnerability (CVE-2007-6166)
#Cid: qtimertsp_redux.rb
Bugtraq
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
2007-11-29 2007-11-29 2007-11-29

Vulnerability in Apple QuickTime
http://www.us-cert.gov/current/archive/2007/11/27/archive.html#0_day_vulnerability_in_apple
Existence of proof-of-concept code reported as US-CERT Current Activity
US-CERT
http://www.uscert.gov/cas/techalerts/TA07-334A.html
2007-11-26T11:19-04:00 2007-11-26T11:19-04:00 2007-11-26T11:19-04:00

Apple QuickTime 7.2/7.3 RSTP Response Universal Exploit (cool)
http://www.securityfocus.com/bid/26549?jvntrev=4
Report on proof-of-concept code for the vulnerability (CVE-2007-6166)
#Cid: 11272007-qt_public.tar.gz
#Cid: 26549-qt_public.tar.gz
#Tested: Quicktime 7.3/7.2 (IE7/IE6) on Windows Vista
#Tested: Quicktime 7.3/7.2 (IE7/IE6) on Windows XP Pro SP2
Bugtraq
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
2007-11-27 2007-11-27 2007-11-27

Apple QuickTime 7.2/7.3 RTSP Response Universal Exploit (IE7/FF/Opera)
http://www.securityfocus.com/bid/26549?jvntrev=3
Report on proof-of-concept code for the vulnerability (CVE-2007-6166)
#Cid: 26549-uni2.py
#QuickTime Player 7.3/7.2 (IE7/FF/Opera) on Windows Vista
#QuickTime Player 7.3/7.2 (IE7/FF/Opera) on Windows XP Pro SP2
Bugtraq
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
2007-11-26 2007-11-26 2007-11-26

Apple QuickTime 7.3 RTSP Response 0day
http://isc.sans.org/diary.html?storyid=3690
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
2007-11-26 2007-11-26 2007-11-26

Symantec Security Response Weblog: Zero-Day Exploit for Apple Quick Time Vulnerability
http://www.symantec.com/enterprise/security_response/weblog/2007/11/0day_exploit_for_apple_quickti.html
Symantec
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
2007-11-25T10:45+00:00 2007-11-25T10:45+00:00 2007-11-25T10:45+00:00

Apple QuickTime 7.3 RTSP Response Universal Exploit (Vista / XP)
http://www.securityfocus.com/bid/26549?jvntrev=3
Report on proof-of-concept code for the vulnerability (CVE-2007-6166)
#Cid: 26549-uni.py
#Tested: Quicktime 7.3 on Windows Vista
Bugtraq
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
2007-11-25 2007-11-25 2007-11-25

Apple Quicktime (Vista/XP RSTP Response) Remote Code Exec
http://www.securityfocus.com/bid/26549?jvntrev=1
Report on proof-of-concept code for the vulnerability (CVE-2007-6166)
#Cid: 26549.c
#Tested: Quicktime 7.3/7.2 on Windows Vista
#Tested: Quicktime 7.3/7.2 on Windows XP Pro SP2
Bugtraq
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
2007-11-24 2007-11-24 2007-11-24

Apple QuickTime 7.3 RTSP Response 0day Remote SEH Overwrite PoC Exploit
http://www.securityfocus.com/bid/26549
Report on proof-of-concept code for the vulnerability (CVE-2007-6166)
#Cid: 26549.py
#Tested: Quicktime 7.3 on Windows XP SP2
Bugtraq
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
2007-11-23 2007-11-23 2007-11-23