Apple has released QuickTime 7.3.1 to address several vulnerabilities. These include the buffer overflow in RTSP, a heap buffer overflow found in QuickTime’s handling of QTL files and vulnerabilities which exist in QuickTime’s Flash media handler. Updates are available for: Mac OS X v10.3.9 or later, Windows Vista, and XP SP2. The relevant CVEs are CVE-2007-6166, CVE-2007-4706 and CVE-2007-4707 respectively.
Tag Archives: rtsp
Quicktime PoC, IBM Lotus DoS
There’s a vulnerability in IBM Lotus Domino, which could result in a Denial of Service. There aren’t any details regarding the specifics of the vulnerability at this time. The vulnerability is reported in versions below 7.0.2 Fix Pack 3. Administrators should look in to updating to 7.0.2 Fix Pack 3. More information can be obtained from the original advisory http://www-1.ibm.com/support/docview.wss?uid=swg27011539
McAfee E-Business Server is also vulnerable to a local Denial of Service. An error in the handling of authentication packets can be exploited to DoS the service or potentially execute arbitrary code. Version 8.5.2 and earlier are vulnerable. Version 8.5.3 is available.
An exploit has been released for the Quicktime RTSP vulnerability previously discusses. There is currently no fix available at this time. Users should be aware and alert to what they are watching/listening to and from who.