QuickTime RTSP URL Handler Buffer Overflow (Windows)

Medium Nessus Plugin ID 24268


The remote version of QuickTime is affected by a buffer overflow vulnerability.


A buffer overflow vulnerability exists in the RTSP URL handler in the version of QuickTime installed on the remote host. Using either HTML, JavaScript or a QTL file as an attack vector and an RTSP URL with a long path component, a remote attacker may be able to leverage this issue to execute arbitrary code on the remote host subject to the user's privileges.


Apply Apple's Security Update 2007-001, which is available via the 'Apple Software Update' application, installed with the most recent version of QuickTime or iTunes.

See Also






Plugin Details

Severity: Medium

ID: 24268

File Name: quicktime_rtsp_url_handler_overflow.nasl

Version: $Revision: 1.19 $

Type: local

Agent: windows

Family: Windows

Published: 2007/02/02

Modified: 2016/11/23

Dependencies: 21561

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:quicktime

Required KB Items: SMB/QuickTime/Version

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2007/01/01

Exploitable With


Core Impact

Metasploit (Apple QuickTime 7.1.3 RTSP URI Buffer Overflow)

Reference Information

CVE: CVE-2007-0015

BID: 21829

OSVDB: 31023

CERT: 442497