ID CVE-2007-0015
Summary Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
References
Vulnerable Configurations
  • Apple Quicktime 7.1.3
    cpe:2.3:a:apple:quicktime:7.1.3
CVSS
Base: 6.8 (as of 02-01-2007 - 01:57)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description Apple QuickTime 7.1.3 RTSP URI Buffer Overflow. CVE-2007-0015. Remote exploit for windows platform
    id EDB-ID:16527
    last seen 2016-02-02
    modified 2010-05-04
    published 2010-05-04
    reporter metasploit
    source https://www.exploit-db.com/download/16527/
    title Apple QuickTime 7.1.3 RTSP URI Buffer Overflow
  • id EDB-ID:3064
metasploit via4
description This module exploits a buffer overflow in Apple QuickTime 7.1.3. This module was inspired by MOAB-01-01-2007. The Browser target for this module was tested against IE 6 and Firefox 1.5.0.3 on Windows XP SP0/2; Firefox 3 blacklists the QuickTime plugin.
id MSF:EXPLOIT/WINDOWS/BROWSER/APPLE_QUICKTIME_RTSP
last seen 2019-01-25
modified 2017-07-24
published 2007-02-18
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/apple_quicktime_rtsp.rb
title Apple QuickTime 7.1.3 RTSP URI Buffer Overflow
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-001.NASL
    description The remote host is running a version of Mac OS X 10.3 or 10.4 which does not have Security Update 2007-001 applied. This update fixes a flaw in QuickTime which may allow a rogue website to execute arbitrary code on the remote host by exploiting an overflow in the RTSP URL handler.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 24234
    published 2007-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24234
    title Mac OS X Security Update 2007-001
  • NASL family Windows
    NASL id QUICKTIME_RTSP_URL_HANDLER_OVERFLOW.NASL
    description A buffer overflow vulnerability exists in the RTSP URL handler in the version of QuickTime installed on the remote host. Using either HTML, JavaScript or a QTL file as an attack vector and an RTSP URL with a long path component, a remote attacker may be able to leverage this issue to execute arbitrary code on the remote host subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 24268
    published 2007-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24268
    title QuickTime RTSP URL Handler Buffer Overflow (Windows)
packetstorm via4
refmap via4
apple APPLE-SA-2007-01-23
bid 21829
cert TA07-005A
cert-vn VU#442497
confirm http://docs.info.apple.com/article.html?artnum=304989
exploit-db 3064
misc
osvdb 31023
sectrack 1017461
secunia 23540
vupen ADV-2007-0001
xf quicktime-rtsp-url-bo(31203)
saint via4
bid 21829
description QuickTime rtsp src URL buffer overflow
id misc_quicktime
osvdb 31023
title quicktime_rtsp_src
type client
Last major update 07-03-2011 - 21:48
Published 01-01-2007 - 18:28
Last modified 18-10-2017 - 21:29
Back to Top