Thread-topic: [SA27755] Apple QuickTime RTSP "Content-Type" Header Buffer Overflow
> ----------------------------------------------------------------------
>
> TITLE:
> Apple QuickTime RTSP "Content-Type" Header Buffer Overflow
>
> SECUNIA ADVISORY ID:
> SA27755
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/27755/
>
> CRITICAL:
> Extremely critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Apple QuickTime 7.x
> http://secunia.com/product/5090/
>
> DESCRIPTION:
> h07 has discovered a vulnerability in Apple QuickTime, which can be
> exploited by malicious people to compromise a user's system.
>
> The vulnerability is caused due to a boundary error when processing
> RTSP replies and can be exploited to cause a stack-based buffer
> overflow via a specially crafted RTSP reply containing an overly long
> "Content-Type" header.
>
> Successful exploitation allows execution of arbitrary code and
> requires that the user is e.g. tricked into opening a malicious QTL
> file or visiting a malicious web site.
>
> The vulnerability is confirmed in version 7.3. Other versions may
> also be affected.
>
> NOTE: A working exploit is publicly available.
>
> SOLUTION:
> Do not browse untrusted websites, follow untrusted links, nor open
> untrusted QTL files.
>
> PROVIDED AND/OR DISCOVERED BY:
> h07
>
> ORIGINAL ADVISORY:
> http://www.milw0rm.com/exploits/4648
>
> OTHER REFERENCES:
> VU#659761:
> http://www.kb.cert.org/vuls/id/659761
>