Apple QuickTime RTSP Content-Type header buffer overflow (RTSP_Content_Type_Overflow)

About this signature or vulnerability

IBM Security Server Protection for Windows, Proventia Network MFS, Proventia Network IDS, Proventia-G 1.1 and earlier, RealSecure Network, RealSecure Server Sensor, BlackICE Server Protection, BlackICE PC Protection, Proventia Desktop, Proventia Network IPS, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature looks for an excessively long Content-Type header in a Real Time Streaming Protocol (RTSP) message that could lead to remote code execution in QuickTime.

This signature looks for an excessively long Content-Type header in a Real Time Streaming Protocol (RTSP) response that could lead to remote code execution in QuickTime.
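
A length check of the kind described above, as an added example (not IBM's signature logic or code from any of the listed products). The 128-byte threshold, the function names and the sample messages are assumptions made for illustration; the page does not state the signature's actual limit.

```python
# Added example: length check on the RTSP Content-Type header.
# MAX_CONTENT_TYPE_LEN is an assumed threshold, not the vendor signature's value.
MAX_CONTENT_TYPE_LEN = 128


def parse_rtsp_headers(message):
    """Split the head of an RTSP message into its start line and headers."""
    head = message.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    name = None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and name:
            # Folded continuation line: count it toward the same header value.
            headers[name] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            name = None                      # malformed line, no header name
            continue
        name = name.strip().lower()          # header names are case-insensitive
        value = value.strip()
        # Repeated headers are joined so the total length is what gets measured.
        headers[name] = headers[name] + "," + value if name in headers else value
    return lines[0], headers


def check_content_type(message, limit=MAX_CONTENT_TYPE_LEN):
    """Return (alert, length) for the Content-Type of an RTSP message."""
    start_line, headers = parse_rtsp_headers(message)
    # Responses start with "RTSP/"; requests end with the protocol version.
    if not (start_line.startswith("RTSP/") or start_line.endswith("RTSP/1.0")):
        return False, 0                      # not RTSP; out of scope here
    length = len(headers.get("content-type", ""))
    return length > limit, length


# Constructed sample traffic (not captured from a real server).
NORMAL = (b"RTSP/1.0 200 OK\r\nCSeq: 1\r\n"
          b"Content-Type: application/sdp\r\nContent-Length: 0\r\n\r\n")
OVERSIZED = (b"RTSP/1.0 200 OK\r\nCSeq: 1\r\n"
             b"content-type: " + b"x" * 400 + b"\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, msg in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(label, check_content_type(msg))
```

The check lower-cases header names and counts folded continuation lines, so a long value cannot pass unmeasured by changing the header's case or splitting it across lines.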


Default risk level

High

Sensors that have this signature

IBM Security Server Protection for Windows: 1.0.914.2130, Proventia Network MFS: XPU 27.120, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Network IDS: XPU 27.120, Proventia-G 1.1 and earlier: XPU 27.120, RealSecure Network: XPU 27.120, RealSecure Server Sensor: XPU 27.120, BlackICE Server Protection: 3.6.cqs, BlackICE PC Protection: 3.6cqs, Proventia Desktop: 2130, Proventia Network IPS: XPU 27.120, Proventia Server IPS for Linux technology: 27.120, Virtual Server Protection for VMware: 1.0

Systems affected

Gentoo Linux, Microsoft Windows XP: SP2, Apple Mac OS X: 10.3.9, Microsoft Windows Vista, Apple Mac OS X: 10.4.9, Apple QuickTime: 7.2, Apple Mac OS X: 10.5, Apple QuickTime: 7.3

Type

Unauthorized Access Attempt

Vulnerability description

Apple QuickTime is vulnerable to a stack-based buffer overflow, caused by improper bounds checking of the Real Time Streaming Protocol (RTSP) Content-Type header. By persuading a victim to connect to a specially-crafted RTSP stream, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

How to remove this vulnerability

Upgrade to the latest version of Apple QuickTime (7.3.1 or later), available from the Apple Web site. See References.

References

milw0rm.com [2007-11-23]
Apple QuickTime 7.3 RTSP Response Remote SEH Overwrite PoC
http://milw0rm.com/exploits/4648

milw0rm.com [2007-11-24]
Apple QuickTime 7.3 RTSP Response Universal Exploit (Vista / XP)
http://milw0rm.com/exploits/4657

milw0rm.com [2007-11-24]
Apple Quicktime 7.2/7.3 (RSTP Response) Code Exec Exploit (Vista/XP)
http://milw0rm.com/exploits/4651

Sunnet Beskerming Security Portal
QuickTime - Remote hacker automatic control
http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control

milw0rm.com [2007-11-27]
Apple QuickTime 7.2/7.3 RSTP Response Universal Exploit (cool)
http://milw0rm.com/exploits/4664

milw0rm.com [2007-11-29]
Apple QuickTime 7.2/7.3 RSTP Response Universal Exploit (win/osx)
http://milw0rm.com/exploits/4673

IBM Internet Security Systems Protection Alert Dec 11, 2007
Apple QuickTime RTSP Content-Type Remote Code Execution
http://www.iss.net/threats/281.html

milw0rm.com [2008-07-06]
Safari + Quicktime <= 7.3 RTSP Content-Type Remote BOF Exploit
http://milw0rm.com/exploits/6013

Offensive Security Exploit Database [01-06-2010]
Apple QuickTime 7.2/7.3 RTSP BOF (Perl)
http://www.exploit-db.com/exploits/11027

ISS X-Force
Apple QuickTime RTSP Content-Type header buffer overflow
http://www.iss.net/security_center/static/38604.php

CVE
CVE-2007-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166