Vulnerability Details : CVE-2007-6166
Public exploit exists!
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2007-6166
Probability of exploitation activity in the next 30 days: 97.02%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2007-6166
-
MacOS X QuickTime RTSP Content-Type Overflow
Disclosure Date: 2007-11-23First seen: 2020-04-26exploit/osx/rtsp/quicktime_rtsp_content_typeThis module exploits a stack-based buffer overflow in Apple QuickTime before version 7.3.1. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code. Authors: - unknown -
Apple QuickTime 7.3 RTSP Response Header Buffer Overflow
Disclosure Date: 2007-11-23First seen: 2020-04-26exploit/windows/misc/apple_quicktime_rtsp_responseThis module exploits a stack buffer overflow in Apple QuickTime 7.3. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com>
CVSS scores for CVE-2007-6166
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2007-6166
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6166
-
https://www.exploit-db.com/exploits/4648
Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH) - Multiple dos Exploit
-
http://www.securityfocus.com/bid/26549
Apple QuickTime RTSP Response Header Content-Type Remote Stack Based Buffer Overflow Vulnerability
- http://security.gentoo.org/glsa/glsa-200803-08.xml
-
http://www.securitytracker.com/id?1018989
-
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
US Government Resource
-
http://www.kb.cert.org/vuls/id/659761
US Government Resource
- http://docs.info.apple.com/article.html?artnum=307176
-
http://securityreason.com/securityalert/3410
-
http://www.securityfocus.com/bid/26560
-
http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html
-
https://www.exploit-db.com/exploits/6013
-
http://www.vupen.com/english/advisories/2007/3984
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/38604
Products affected by CVE-2007-6166
- cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*