Vulnerability Details : CVE-2007-6166
Public exploit exists!
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
Vulnerability category: OverflowExecute code
Products affected by CVE-2007-6166
- cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6166
83.92%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2007-6166
-
MacOS X QuickTime RTSP Content-Type Overflow
Disclosure Date: 2007-11-23First seen: 2020-04-26exploit/osx/rtsp/quicktime_rtsp_content_typeThis module exploits a stack-based buffer overflow in Apple QuickTime before version 7.3.1. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code. Authors: - unknown -
Apple QuickTime 7.3 RTSP Response Header Buffer Overflow
Disclosure Date: 2007-11-23First seen: 2020-04-26exploit/windows/misc/apple_quicktime_rtsp_responseThis module exploits a stack buffer overflow in Apple QuickTime 7.3. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com>
CVSS scores for CVE-2007-6166
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2007-6166
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6166
-
https://www.exploit-db.com/exploits/4648
Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH) - Multiple dos Exploit
-
http://www.securityfocus.com/bid/26549
Apple QuickTime RTSP Response Header Content-Type Remote Stack Based Buffer Overflow Vulnerability
-
http://security.gentoo.org/glsa/glsa-200803-08.xml
-
http://www.securitytracker.com/id?1018989
-
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
US Government Resource
-
http://www.kb.cert.org/vuls/id/659761
US Government Resource
-
http://docs.info.apple.com/article.html?artnum=307176
-
http://securityreason.com/securityalert/3410
-
http://www.securityfocus.com/bid/26560
-
http://secunia.com/advisories/29182
Vendor Advisory
-
http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control
-
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html
-
https://www.exploit-db.com/exploits/6013
-
http://www.vupen.com/english/advisories/2007/3984
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/38604
-
http://secunia.com/advisories/27755
Vendor Advisory
Jump to