Detections
Analytics

CVE-2007-6166

critical

Description

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

References

https://www.exploit-db.com/exploits/6013

https://www.exploit-db.com/exploits/4648

https://exchange.xforce.ibmcloud.com/vulnerabilities/38604

http://www.vupen.com/english/advisories/2007/3984

http://www.us-cert.gov/cas/techalerts/TA07-334A.html

http://www.securitytracker.com/id?1018989

http://www.securityfocus.com/bid/26560

http://www.securityfocus.com/bid/26549

http://www.kb.cert.org/vuls/id/659761

http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control

http://securityreason.com/securityalert/3410

http://security.gentoo.org/glsa/glsa-200803-08.xml

http://secunia.com/advisories/29182

http://secunia.com/advisories/27755

http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html

http://docs.info.apple.com/article.html?artnum=307176

Details

Source: Mitre, NVD

Published: 2007-11-29

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.83919