NVD Vulnerability Detail

CVE-2007-6166

Summary	Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
Publication Date	Nov. 29, 2007, 10:46 a.m.
Registration Date	Jan. 29, 2021, 2:24 p.m.
Last Update	Oct. 31, 2018, 1:25 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:apple:quicktime:-:::::::*
cpe:2.3:a:apple:quicktime:3.0:::::::*
cpe:2.3:a:apple:quicktime:4.1.2:::::::*
cpe:2.3:a:apple:quicktime:5.0:::::::*
cpe:2.3:a:apple:quicktime:5.0.1:::::::*
cpe:2.3:a:apple:quicktime:5.0.2:::::::*
cpe:2.3:a:apple:quicktime:6.0:::::::*
cpe:2.3:a:apple:quicktime:6.1:::::::*
cpe:2.3:a:apple:quicktime:6.5:::::::*
cpe:2.3:a:apple:quicktime:6.5.1:::::::*
cpe:2.3:a:apple:quicktime:6.5.2:::::::*
cpe:2.3:a:apple:quicktime:7.0:::::::*
cpe:2.3:a:apple:quicktime:7.0.1:::::::*
cpe:2.3:a:apple:quicktime:7.0.2:::::::*
cpe:2.3:a:apple:quicktime:7.0.3:::::::*
cpe:2.3:a:apple:quicktime:7.0.4:::::::*
cpe:2.3:a:apple:quicktime:7.1:::::::*
cpe:2.3:a:apple:quicktime:7.1.1:::::::*
cpe:2.3:a:apple:quicktime:7.1.2:::::::*
cpe:2.3:a:apple:quicktime:7.1.3:::::::*
cpe:2.3:a:apple:quicktime:7.1.4:::::::*
cpe:2.3:a:apple:quicktime:7.1.5:::::::*
cpe:2.3:a:apple:quicktime:7.1.6:::::::*
cpe:2.3:a:apple:quicktime:7.2:::::::*
cpe:2.3:a:apple:quicktime::::::::			7.3
execution environment
1	cpe:2.3:o:microsoft:windows_vista::::::::
2	cpe:2.3:o:microsoft:windows_xp::sp2::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://docs.info.apple.com/article.html?artnum=307176	MISC
2	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html	APPLE
3	http://secunia.com/advisories/27755	SECUNIA	Vendor Advisory
4	http://secunia.com/advisories/29182	SECUNIA	Vendor Advisory
5	http://security.gentoo.org/glsa/glsa-200803-08.xml	GENTOO
6	http://securityreason.com/securityalert/3410	SREASON
7	http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control	MISC
8	http://www.kb.cert.org/vuls/id/659761	CERT-VN	US Government Resource
9	http://www.securityfocus.com/bid/26549	BID
10	http://www.securityfocus.com/bid/26560	BID
11	http://www.securitytracker.com/id?1018989	SECTRACK
12	http://www.us-cert.gov/cas/techalerts/TA07-334A.html	CERT	US Government Resource
13	http://www.vupen.com/english/advisories/2007/3984	VUPEN	Vendor Advisory
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/38604	XF
15	https://www.exploit-db.com/exploits/4648	EXPLOIT-DB
16	https://www.exploit-db.com/exploits/6013	EXPLOIT-DB

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:apple:quicktime:-:::::::*
cpe:2.3:a:apple:quicktime:3.0:::::::*
cpe:2.3:a:apple:quicktime:4.1.2:::::::*
cpe:2.3:a:apple:quicktime:5.0:::::::*
cpe:2.3:a:apple:quicktime:5.0.1:::::::*
cpe:2.3:a:apple:quicktime:5.0.2:::::::*
cpe:2.3:a:apple:quicktime:6.0:::::::*
cpe:2.3:a:apple:quicktime:6.1:::::::*
cpe:2.3:a:apple:quicktime:6.5:::::::*
cpe:2.3:a:apple:quicktime:6.5.1:::::::*
cpe:2.3:a:apple:quicktime:6.5.2:::::::*
cpe:2.3:a:apple:quicktime:7.0:::::::*
cpe:2.3:a:apple:quicktime:7.0.1:::::::*
cpe:2.3:a:apple:quicktime:7.0.2:::::::*
cpe:2.3:a:apple:quicktime:7.0.3:::::::*
cpe:2.3:a:apple:quicktime:7.0.4:::::::*
cpe:2.3:a:apple:quicktime:7.1:::::::*
cpe:2.3:a:apple:quicktime:7.1.1:::::::*
cpe:2.3:a:apple:quicktime:7.1.2:::::::*
cpe:2.3:a:apple:quicktime:7.1.3:::::::*
cpe:2.3:a:apple:quicktime:7.1.4:::::::*
cpe:2.3:a:apple:quicktime:7.1.5:::::::*
cpe:2.3:a:apple:quicktime:7.1.6:::::::*
cpe:2.3:a:apple:quicktime:7.2:::::::*
cpe:2.3:a:apple:quicktime::::::::			7.3
execution environment
1	cpe:2.3:o:microsoft:windows_vista::::::::
2	cpe:2.3:o:microsoft:windows_xp::sp2::::::*