Apple QuickTime contains a stack buffer overflow vulnerability in the way it handles the RTSP Content-Type header. This vulnerability may be exploited by a specially crafted RTSP stream.
Live Example
Elia Florio (Symantec) wrote a good introductory post on the QuickTime 0-day exploit.
Known proof-of-concept exploits (milw0rm):
- Apple QuickTime 7.3 RTSP Response Content-Type Header Stack Buffer Overflow exploit
- Apple QuickTime Remote stack rewrite exploit for Internet Explorer 6 & 7
- Apple QuickTime 7.2/7.3 RTSP Response Universal Exploit (IE7/FF/Opera)
- Apple Quicktime (Vista/XP Sp2 RTSP RESPONSE) Code Exec Exploit
Workarounds
You may try the following workarounds, as there is no complete patch for this vulnerability.
- Block TCP port 554 (optionally 7070) and UDP ports 6970 through 6999 in your firewall
- Update QuickTime
- Disable the Apple QuickTime ActiveX control in Internet Explorer (Windows registry file)
- For Firefox, use the NoScript add-on
Related Links
- December 6, 2007 at 5:45 pm
- December 26, 2007 at 9:27 pm
No Responses to “Block Apple Quicktime ActiveX & RTSP Exploit”