9.3
CVE-2007-6166
- EPSS 41.92%
- Veröffentlicht 29.11.2007 01:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apple ≫ Safari
Apple ≫ macOS X Version10.3.9
Apple ≫ macOS X Version10.4.9
Apple ≫ macOS X Version10.5
Apple ≫ macOS X Version10.5.0
Apple ≫ macOS X Version10.5.1
Apple ≫ macOS X Version10.5.2
Apple ≫ macOS X Version10.5.3
Apple ≫ macOS X Version10.5.4
Apple ≫ macOS X Version10.5.5
Apple ≫ macOS X Version10.5.6
Apple ≫ macOS X Version10.5.7
Apple ≫ macOS X Version10.5.8
Apple ≫ macOS X Version10.4.9
Apple ≫ macOS X Version10.5
Apple ≫ macOS X Version10.5.0
Apple ≫ macOS X Version10.5.1
Apple ≫ macOS X Version10.5.2
Apple ≫ macOS X Version10.5.3
Apple ≫ macOS X Version10.5.4
Apple ≫ macOS X Version10.5.5
Apple ≫ macOS X Version10.5.6
Apple ≫ macOS X Version10.5.7
Apple ≫ macOS X Version10.5.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 41.92% | 0.985 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/29182
http://security.gentoo.org/glsa/glsa-200803-08.xml
http://docs.info.apple.com/article.html?artnum=307176
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html
http://secunia.com/advisories/27755
http://securityreason.com/securityalert/3410
http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control
http://www.kb.cert.org/vuls/id/659761
http://www.securityfocus.com/bid/26549
http://www.securityfocus.com/bid/26560
http://www.securitytracker.com/id?1018989
http://www.us-cert.gov/cas/techalerts/TA07-334A.html
http://www.vupen.com/english/advisories/2007/3984
https://exchange.xforce.ibmcloud.com/vulnerabilities/38604
https://www.exploit-db.com/exploits/4648
https://www.exploit-db.com/exploits/6013