Detections
Analytics
QuickTime RTSP URL Handler Buffer Overflow (Windows)
medium Nessus Plugin ID 24268
Synopsis
The remote version of QuickTime is affected by a buffer overflow vulnerability.Description
A buffer overflow vulnerability exists in the RTSP URL handler in the version of QuickTime installed on the remote host. Using either HTML, JavaScript or a QTL file as an attack vector and an RTSP URL with a long path component, a remote attacker may be able to leverage this issue to execute arbitrary code on the remote host subject to the user's privileges.Solution
Apply Apple's Security Update 2007-001, which is available via the 'Apple Software Update' application, installed with the most recent version of QuickTime or iTunes.See Also
http://www.nessus.org/u?ebb12673
http://projects.info-pull.com/moab/MOAB-01-01-2007.html
http://docs.info.apple.com/article.html?artnum=304989
https://lists.apple.com/archives/Security-announce/2007/Jan/msg00000.html
https://blogs.flexera.com/vulnerability-management/2007/01/quicktime-update-me-and-stay-vulnerable/
Plugin Details
Severity: Medium
ID: 24268
File Name: quicktime_rtsp_url_handler_overflow.nasl
Version: 1.23
Type: local
Agent: windows
Family: Windows
Published: 2/2/2007
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.8
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:apple:quicktime
Required KB Items: SMB/QuickTime/Version
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 1/1/2007
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Apple QuickTime 7.1.3 RTSP URI Buffer Overflow)
Reference Information
CVE: CVE-2007-0015
BID: 21829
CERT: 442497