Signature Detail
Short Name |
HTTP:STC:QT-RTSP-LINK-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Quicktime RTSP Overflow |
Release Date |
2007/01/10 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Quicktime RTSP Overflow
This signature detects attempts to exploit a known vulnerability in Apple Quicktime. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Extended Description
Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input prior to copying it to an insufficiently sized stack-based memory buffer. Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. Attackers exploit this issue by coercing targeted users to access malicious HTML or QTL files or by executing malicious JavaScript code. QuickTime 7.1.3 is vulnerable to this issue; other versions may also be affected.
Affected Products
- Apple QuickTime Player 7.0.4
- Apple QuickTime Player 7.1.3
References
- BugTraq: 21829
- CVE: CVE-2007-0015
- URL: http://projects.info-pull.com/moab/MOAB-01-01-2007.html