QuickTime 7.2/7.3 RTSP Exploits

QuickTime versions 7.2 and 7.3 are vulnerable to a stack-based buffer overflow. The vulnerability is caused by a boundary error when processing RTSP (Real Time Streaming Protocol) replies, and it can be exploited by sending a specially crafted RTSP reply with a long “Content-Type” header. Exploitation requires that a user visit a malicious URL or open a malicious QTL file. Working exploit code is available to the public. There is no update available at this time, so users should beware of suspicious links and QuickTime files (QTL).
