Family: Windows --> Category: infos
Quicktime RTSP URL Handler Buffer Overflow Vulnerability (Windows) Vulnerability Scan
Vulnerability Scan Summary :
Checks version of Quicktime on Windows
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote version of QuickTime is affected by a buffer overflow
vulnerability.
Description :
A buffer overflow vulnerability exists in the RTSP URL handler in the
version of QuickTime installed on the remote host. Using HTML,
JavaScript or a QTL file as the attack vector, together with an RTSP
URL that has a long path component, a remote attacker may be able to
leverage this issue to execute arbitrary code on the remote host
subject to the user's rights.
See also :
http://applefun.blogspot.com/2007/01/moab-01-01-2007-apple-quicktime-rtsp.html
http://projects.info-pull.com/moab/MOAB-01-01-2007.html
http://docs.info.apple.com/article.html?artnum=304989
http://lists.apple.com/archives/Security-announce/2007/Jan/msg00000.html
http://www.kb.cert.org/vuls/id/442497
http://secunia.com/blog/7/
Solution :
Apply Apple's Security Update 2007-001, which is available via the
'Apple Software Update' application, installed with the most recent
version of QuickTime or iTunes.
Threat Level:
Medium / CVSS Base Score : 5.6
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)