CVE-2007-0748

Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.

Published: May 14, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-0748
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apple / darwin_streaming_server	5.0.1	5.0.1.x
apple / darwin_streaming_server	4.1.2	4.1.2.x
apple / darwin_streaming_server	5.5.4	5.5.4.x
apple / darwin_streaming_server	4.1.3	4.1.3.x

http://docs.info.apple.com/article.html?artnum=305495
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533
http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html
http://osvdb.org/35975
http://secunia.com/advisories/25193
http://www.securityfocus.com/bid/23918
http://www.securitytracker.com/id?1018047
http://www.vupen.com/english/advisories/2007/1770
https://exchange.xforce.ibmcloud.com/vulnerabilities/34225

Vulnerability Database

289,697

CVE-2007-0748