CVE-2007-6166 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2007-6166?

CVE-2007-6166 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-6166?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Quicktime, Microsoft Windows Vista, Microsoft Windows Xp, Apple Safari, Apple Mac Os X.

Vulnerability Description

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Apple	Quicktime	<= 7.3
Microsoft	Windows Vista	All versions
Microsoft	Windows Xp	All versions
Apple	Safari	All versions
Apple	Mac Os X	10.3.9

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2007-6166?

CVE-2007-6166 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbi...

How severe is CVE-2007-6166?

CVE-2007-6166 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-6166?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Quicktime, Microsoft Windows Vista, Microsoft Windows Xp, Apple Safari, Apple Mac Os X.