CVE-2007-6166

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

Published: Nov 29, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-6166
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
apple / quicktime	-	7.3.x
apple / quicktime	3.0	3.0.x
apple / quicktime	4.1.2	4.1.2.x
apple / quicktime	5.0	5.0.x
apple / quicktime	5.0.1	5.0.1.x
apple / quicktime	5.0.2	5.0.2.x
apple / quicktime	6.0	6.0.x
apple / quicktime	6.1	6.1.x
apple / quicktime	6.5	6.5.x
apple / quicktime	6.5.1	6.5.1.x
apple / quicktime	6.5.2	6.5.2.x
apple / quicktime	7.0	7.0.x
apple / quicktime	7.0.1	7.0.1.x
apple / quicktime	7.0.2	7.0.2.x
apple / quicktime	7.0.3	7.0.3.x
apple / quicktime	7.0.4	7.0.4.x
apple / quicktime	7.1	7.1.x
apple / quicktime	7.1.1	7.1.1.x
apple / quicktime	7.1.2	7.1.2.x
apple / quicktime	7.1.3	7.1.3.x
apple / quicktime	7.1.4	7.1.4.x
apple / quicktime	7.1.5	7.1.5.x
apple / quicktime	7.1.6	7.1.6.x
apple / quicktime	7.2	7.2.x
apple / safari	-	-

Vulnerability Database

289,782

CVE-2007-6166