Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0015: Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Quicktime

10 documents, 7 sources
Severity
6.8 MEDIUM (NVD)
EPSS
85.6%
top 0.62%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jan 1
Latest update: May 1

Description

Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: apple/quicktime 7.1.3

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-xpc5-5qwg-24vr: Buffer overflow in Apple QuickTime 7 (2022-05-01)
CVEList: CVE-2007-0015: Buffer overflow in Apple QuickTime 7 (2007-01-01)
VulnCheck: Apple quicktime Out-of-bounds Write (2007)

💥 Exploits & PoCs (3)

Exploit-DB: Apple QuickTime 7.1.3 - RTSP URI Buffer Overflow (Metasploit) (2010-05-04)
Exploit-DB: Apple QuickTime (Windows 2000) - 'rtsp URL Handler' Remote Buffer Overflow (2007-01-03)
Exploit-DB: Apple QuickTime - 'rtsp URL Handler' Remote Stack Buffer Overflow (2007-01-01)

🔍 Detection Rules (2)

Suricata: ET WEB_CLIENT Apple Quicktime RTSP Overflow (2) (2010-07-30)
Suricata: ET WEB_CLIENT Apple Quicktime RTSP Overflow (1) (2010-07-30)

💬 Community (1)

Bugzilla: CVE-2006-2440 ImageMagick heap overflow (2006-05-18)

CVE-2007-0015 — Apple Quicktime vulnerability | cvebase