
Apple QuickTime RTSP buffer overflow vulnerability

Details are emerging about a critical vulnerability in Apple's QuickTime product. An unpatched flaw in its handling of RTSP (Real Time Streaming Protocol) may allow remote attackers to compromise a system.

The vulnerability relates to how QuickTime handles RTSP replies. It can be exploited by sending an RTSP reply whose "Content-Type" header is too long for the buffer, which causes an overflow.

Attackers may be able to leverage this vulnerability in order to execute arbitrary code on the victim's system. Successful exploitation of this vulnerability requires the user to be tricked into opening a maliciously crafted file or visiting a malicious website or link.

This vulnerability affects version 7.3, but other versions may also be vulnerable. Exploit code is publicly available, and malicious websites hosting this exploit have been observed.

Users are very strongly advised not to open any untrusted QuickTime streams, whether from file attachments, links, or untrusted websites.

More information can be found below.

US-CERT Note VU#659761
http://www.kb.cert.org/vuls/id/659761

CVE reference for this vulnerability is CVE-2007-6166:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166

Secunia's page:
http://secunia.com/advisories/27755/

SANS ISC handler's page:
http://isc.sans.org/diary.html?storyid=3713

Posted by William Harshbarger on December 03, 2007, in Handlers Log.