{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple QuickTime versions ant\u00e9rieures \u00e0 7.3.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s affectent QuickTime :\n\n-   la premi\u00e8re, CVE-2007-6166, d\u00e9crite dans l\u0027alerte CERTA-2007-ALE-017\n    concerne la prise en charge des flux RTSP ;\n-   la seconde, CVE-2007-4706, concerne la gestion des fichiers de liens\n    QuickTime (poss\u00e9dant l\u0027extension QTL). Cette vuln\u00e9rabilit\u00e9 pourrait\n    permettre \u00e0 un utilisateur distant d\u0027ex\u00e9cuter du code arbitraire ou\n    de r\u00e9aliser un d\u00e9ni de service par le biais d\u0027un d\u00e9bordement de\n    m\u00e9moire ;\n-   la derni\u00e8re, CVE-2007-4707, concerne le composant Flash media\n    handler de QuickTime. Ce composant est sujet \u00e0 de multiples\n    vuln\u00e9rabilit\u00e9s dont certaines permettent \u00e0 un utilisateur distant\n    d\u0027ex\u00e9cuter du code arbitraire. Le correctif fournit par Apple\n    consiste \u00e0 n\u0027activer ce composant que pour des vid\u00e9os existantes et\n    de confiance au format QuickTime.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-4706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4706"
    },
    {
      "name": "CVE-2007-4707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4707"
    },
    {
      "name": "CVE-2007-6166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6166"
    }
  ],
  "initial_release_date": "2007-12-14T00:00:00",
  "last_revision_date": "2007-12-14T00:00:00",
  "links": [
    {
      "title": "Alerte du CERTA CERTA-2007-ALE-017 du 27 novembre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ALE-017/"
    }
  ],
  "reference": "CERTA-2007-AVI-544",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple QuickTime permettent d\u0027effectuer\nun d\u00e9ni de service ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s d\u0027Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 QuickTime du 13 d\u00e9cembre 2007",
      "url": "http://docs.info.apple.com/article.html?artnum=307176"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24B999C-BF13-4379-A8FF-A4C831C97453",
              "versionEndIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE08FAE-0862-4C36-95BC-878B04CBF397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F310A8-F760-4059-987D-42369F360DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F71BC599-FCBE-4F1F-AA24-41AF91F82226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "41473E1D-B988-4312-B16B-D340508DD473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2EBC0-F2A6-4709-9A27-CF63BC578744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "844E1B14-A13A-47F1-9C82-02EAEED1A911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80747BDD-70E9-4E74-896F-C79D014F1B2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA1E140B-BCB4-4B3C-B287-E9E944E08DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7CB5C4-9A5A-4831-8FFD-0D261619A7DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2CE0B67-0794-472D-A2C0-CC5CA0E36370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A5DDF47-5AA5-4EE3-B12D-9218F528EFE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F075BA0F-4A96-4F25-AF1D-C64C7DCE1CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8692B488-129A-49EA-AF84-6077FCDBB898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1758610B-3789-489E-A751-386D605E5A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B535737C-BF32-471C-B26A-588632FCC427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2C61F8-B376-40F9-8677-CADCC3295915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6254BB56-5A25-49DC-A851-3CCA249BD71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "795E3354-7824-4EF4-A788-3CFEB75734E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9419A1E9-A0DA-4846-8959-BE50B53736E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "952A8015-B18B-481C-AC17-60F0D7EEE085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E518B27-A79B-43A4-AFA6-E59EF8E944D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEC6EF36-93B3-49BB-9A6F-1990E3F4170E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1B5F2F-CDBF-4AEF-9F78-0C010664B9E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C9B657-5484-4458-861E-D6FB5019265A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC90AA12-DD17-4607-90CB-E342E83F20BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3267A41-1AE0-48B8-BD1F-DEC8A212851A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "855288F1-0242-4951-AB3F-B7AF13E21CF6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "10082781-B93E-4B84-94F2-FA9749B4D92B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1EBF04-C440-4A6B-93F2-DC3A812728C2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB077A2-927B-43AF-BFD5-0E78648C9394",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2398ADC8-A106-462E-B9AE-F8AF800D0A3C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1335E35A-D381-4056-9E78-37BC6DF8AD98",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Apple QuickTime anterior a la versi\u00f3n 7.3.1, como es usado en QuickTime Player en Windows XP y Safari en Mac OS X, permite a servidores remotos de Real Time Streaming Protocol (RTSP) ejecutar c\u00f3digo arbitrario por medio de una respuesta RTSP con un encabezado Content-Type largo."
    }
  ],
  "id": "CVE-2007-6166",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-11-29T01:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307176"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27755"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29182"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3410"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/659761"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26549"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26560"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018989"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-334A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3984"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38604"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4648"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/6013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/659761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-334A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6013"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "GSD": {
    "alias": "CVE-2007-6166",
    "description": "Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.",
    "id": "GSD-2007-6166",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2007-6166"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6166"
      ],
      "details": "Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.",
      "id": "GSD-2007-6166",
      "modified": "2023-12-13T01:21:38.341387Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6166",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "26549",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26549"
          },
          {
            "name": "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control",
            "refsource": "MISC",
            "url": "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control"
          },
          {
            "name": "3410",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3410"
          },
          {
            "name": "4648",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/4648"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307176",
            "refsource": "MISC",
            "url": "http://docs.info.apple.com/article.html?artnum=307176"
          },
          {
            "name": "APPLE-SA-2007-12-13",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html"
          },
          {
            "name": "GLSA-200803-08",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
          },
          {
            "name": "26560",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26560"
          },
          {
            "name": "TA07-334A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-334A.html"
          },
          {
            "name": "VU#659761",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/659761"
          },
          {
            "name": "quicktime-rtsp-contenttype-bo(38604)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38604"
          },
          {
            "name": "6013",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/6013"
          },
          {
            "name": "ADV-2007-3984",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3984"
          },
          {
            "name": "27755",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27755"
          },
          {
            "name": "29182",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29182"
          },
          {
            "name": "1018989",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018989"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6166"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control"
            },
            {
              "name": "VU#659761",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/659761"
            },
            {
              "name": "26549",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26549"
            },
            {
              "name": "1018989",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018989"
            },
            {
              "name": "27755",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27755"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307176",
              "refsource": "MISC",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307176"
            },
            {
              "name": "APPLE-SA-2007-12-13",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html"
            },
            {
              "name": "TA07-334A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-334A.html"
            },
            {
              "name": "26560",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26560"
            },
            {
              "name": "GLSA-200803-08",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
            },
            {
              "name": "29182",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29182"
            },
            {
              "name": "3410",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3410"
            },
            {
              "name": "ADV-2007-3984",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3984"
            },
            {
              "name": "quicktime-rtsp-contenttype-bo(38604)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38604"
            },
            {
              "name": "6013",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/6013"
            },
            {
              "name": "4648",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/4648"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-30T16:25Z",
      "publishedDate": "2007-11-29T01:46Z"
    }
  }
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "La version 7.5 d\u0027Apple iTunes ainsi que les versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "La version 7.3 d\u0027Apple QuickTime ainsi que les versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2007-12-14",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le logiciel multim\u00e9dia Apple\nQuickTime. Ce dernier ne manipulerait pas correctement un champ dans\nl\u0027en-t\u00eate des r\u00e9ponses retourn\u00e9es par le serveur de flux RTSP.\n\nRTSP (pour Real Time Streaming Protocol) est un protocole permettant\nd\u0027\u00e9tablir et de contr\u00f4ler des flux synchronis\u00e9s de m\u00e9dias continus\n(streaming), qu\u0027ils soient audio ou vid\u00e9o. Il est conceptuellement tr\u00e8s\nproche de HTTP : il est \u00e0 \u00e9tat et utilise la notion de session.\n\nLorsque le client envoie une requ\u00eate au serveur, ce dernier retourne une\nr\u00e9ponse, avec un champ Content-Type.\n\nApple QuickTime n\u0027interpr\u00e9terait pas correctement la valeur de ce champ.\nCette vuln\u00e9rabilit\u00e9 peut ainsi \u00eatre exploit\u00e9e par une personne distante,\nqui aura pris soin de mettre en place un serveur de flux r\u00e9pondant par\ncette vuln\u00e9rabilit\u00e9. L\u0027utilisateur amen\u00e9 \u00e0 r\u00e9cup\u00e9rer le flux multim\u00e9dia,\npar un lien par exemple provoquera le dysfonctionnement, voire\nl\u0027ex\u00e9cution de code arbitraire sur son syt\u00e8me vuln\u00e9rable.\n\n## Contournement provisoire\n\n## 5.1 De mani\u00e8re g\u00e9n\u00e9rale\n\nIl est pr\u00e9f\u00e9rable, dans l\u0027attente d\u0027un correctif, d\u0027utiliser un lecteur\nmultim\u00e9dia alternatif.\n\nL\u0027administrateur du r\u00e9seau peut \u00e9galement v\u00e9rifier que les flux sortants\nTCP/UDP vers le port 554 sont bloqu\u00e9s. Ces ports sont ceux par d\u00e9faut\nattribu\u00e9s au protocole Real Time Streaming Protocol, mais peuvent \u00eatre\nchang\u00e9s et remplac\u00e9s par n\u0027importe quel autre port convenu c\u00f4t\u00e9 serveur\net c\u00f4t\u00e9 client. Cette mesure n\u0027est donc pas suffisante.\n\nLes navigateurs offrent \u00e9galement la possibilit\u00e9 de d\u00e9sactiver les\nmodules ou plugins.\n\nLes recommandations standards s\u0027appliquent toujours : l\u0027interpr\u00e9tation\nde codes dynamiques comme Javascript doit \u00eatre d\u00e9sactiv\u00e9e par d\u00e9faut.\n\n## 5.2 Sous Microsoft Windows :\n\n-   D\u00e9sactiver la prise en charge des liens rtsp:// dans Quicktime en\n    d\u00e9cochant la case  \n    Pr\u00e9f\u00e9rences de Quicktime -\\\u003e Types de fichiers -\\\u003e Diffusion -\\\u003e\n    Descripteur de flux RTSP ;\n-   D\u00e9sactiver l\u0027association faite entre le type de fichier et\n    QuickTime, en supprimant les cl\u00e9s de registre de la forme  \n    HKEY_CLASSES_ROOT/TT\\\u003e\n\n## 5.3 Sous Apple MacOS X :\n\n-   D\u00e9sactiver la prise en charge des liens rtsp:// dans QuickTime en\n    d\u00e9cochant la case  \n    Pr\u00e9f\u00e9rences de Quicktime -\\\u003e Avanc\u00e9 -\\\u003e R\u00e9glages MIME -\\\u003e Diffusion\n    -\\\u003e Descripteur de flux RTSP ;\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0015"
    },
    {
      "name": "CVE-2007-6166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6166"
    }
  ],
  "initial_release_date": "2007-11-27T00:00:00",
  "last_revision_date": "2007-12-14T00:00:00",
  "links": [
    {
      "title": "D\u00e9sinstaller des modules ou plugins sous Mozilla :",
      "url": "http://plugindoc.mozdev.org/faqs/uninstall.html"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement d\u0027Apple QuickTime :",
      "url": "http://www.apple.com/quicktime/"
    },
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#659761 du 24 novembre    2007 :",
      "url": "http://www.kb.cert.org/vuls/id/659761"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 QuickTime du 13 d\u00e9cembre 2007 :",
      "url": "http://docs.info.apple.com/article.html?artnum=307176"
    },
    {
      "title": "Alerte CERTA-2007-ALE-001 du 04 janvier 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ALE-001/"
    },
    {
      "title": "RFC 2326, \"Real Time Streaming Protocol\" :",
      "url": "http://tools.ietf.org/html/rfc2326"
    }
  ],
  "reference": "CERTA-2007-ALE-017",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-11-27T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 QuickTime.",
      "revision_date": "2007-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le logiciel multim\u00e9dia Apple\nQuickTime. Ce dernier ne manipule pas correctement un champ dans\nl\u0027en-t\u00eate des r\u00e9ponses retourn\u00e9es par le serveur de flux RTSP. Une\npersonne malveillante pourrait inciter un utilisateur \u00e0 se rendre sur un\ntel serveur, ce qui pourrait alors perturber son syst\u00e8me ou permettre \u00e0\nl\u0027attaquant d\u0027ex\u00e9cuter des commandes arbitraires.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans la gestion RTSP d\u0027Apple QuickTime",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de l\u0027US-CERT VU#659761 du 24 novembre 2007",
      "url": null
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2007-6166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-11-29T01:46:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.",
  "id": "GHSA-mrqv-c428-3hfp",
  "modified": "2022-05-01T18:40:07Z",
  "published": "2022-05-01T18:40:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6166"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38604"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/4648"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/6013"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307176"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27755"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29182"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3410"
    },
    {
      "type": "WEB",
      "url": "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/659761"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26549"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26560"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018989"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-334A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3984"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200711-0065",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.5.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.5.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.6"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "model": "quicktime",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.5"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.0 to  7.3"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.0.8"
      },
      {
        "model": "second life viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linden research",
        "version": "1.18.5.3"
      },
      {
        "model": "second life viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "linden research",
        "version": "0"
      },
      {
        "model": "media-libs/win32codecs 20071007-r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "quicktime player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "esignal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "esignal",
        "version": "6.0.2"
      },
      {
        "model": "quicktime player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.7.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.72"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#659761"
      },
      {
        "db": "BID",
        "id": "26549"
      },
      {
        "db": "BID",
        "id": "26560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-392"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6166"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:quicktime",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001009"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Krystian Kloskowski (h07) \u003ch07@interia.pl\u003e is credited with the discovery of this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "26549"
      },
      {
        "db": "BID",
        "id": "26560"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-6166",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-6166",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-29528",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-6166",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#659761",
            "trust": 0.8,
            "value": "40.32"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-6166",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200711-392",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-29528",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#659761"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29528"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-392"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6166"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. Apple QuickTime RTSP of Content-Type A stack buffer overflow vulnerability exists in the handling of headers. Winodws Plate and Mac Edition QuickTime Are affected by this vulnerability. Also, iTunes Such QuickTime Systems that have installed software that uses Microsoft are also affected by this vulnerability. In addition, verification code that exploits this vulnerability has already been published.Crafted by a remote third party RTSP stream Arbitrary code could be executed when a user connects to. \nThis issue occurs when handling specially crafted RTSP Response headers. \nAttackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions. \nUPDATE (December 4, 2007): Attackers are exploiting this issue through the Second Life Viewer to steal Linden dollars from unsuspecting victims. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. \n\nI. Most versions of\n   QuickTime prior to and including 7.3 running on all supported Apple\n   Mac OS X and Microsoft Windows platforms are vulnerable. \n\n   An attacker could exploit this vulnerability by convincing a user to\n   access a specially crafted HTML document such as a web page or email\n   message. The HTML document could use a variety of techniques to cause\n   QuickTime to load a specially crafted RTSP stream. Common web\n   browsers, including Microsoft Internet Explorer, Mozilla Firefox, and\n   Apple Safari can be used to pass RTSP streams to QuickTime, exploit\n   the vulnerability, and execute arbitrary code. \n\n   Exploit code for this vulnerability was first posted publicly on\n   November 25, 2007. \n\nII. \n\nIII. To block attack vectors, consider the following\n   workarounds. \n\nBlock the rtsp:// protocol\n\n   Using a proxy or firewall capable of recognizing and blocking RTSP\n   traffic can mitigate this vulnerability. Known public exploit code for\n   this vulnerability uses the default RTSP port 554/tcp, however RTSP\n   can use a variety of ports. \n\nDisable file association for QuickTime files\n\n   Disable the file association for QuickTime file types. This can be\n   accomplished by deleting the following registry keys:\n   HKEY_CLASSES_ROOT\\QuickTime.*\n\n   This will remove the association for approximately 32 file types that\n   are configured to open with QuickTime Player. \n\nDisable the QuickTime ActiveX controls in Internet Explorer\n\n   The QuickTime ActiveX controls can be disabled in Internet Explorer by\n   setting the kill bit for the following CLSIDs:\n       {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\n       {4063BE15-3B08-470D-A0D5-B37161CFFD69}\n\n   More information about how to set the kill bit is available in\n   Microsoft Knolwedgebase Article 240797. Alternatively, the following\n   text can be saved as a .REG file and imported to set the kill bit for\n   these controls:\n   \n   Windows Registry Editor Version 5.00\n   \n       [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX\n       Compatibility\\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]\n       \"Compatibility Flags\"=dword:00000400\n       \n       [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX\n       Compatibility\\{4063BE15-3B08-470D-A0D5-B37161CFFD69}]\n       \"Compatibility Flags\"=dword:00000400\n\nDisable the QuickTime plug-in for Mozilla-based browsers\n\n   Users of Mozilla-based browsers, such as Firefox can disable the\n   QuickTime plugin, as specified in the PluginDoc article Uninstalling\n   Plugins. \n\nDisable JavaScript\n\n   For instructions on how to disable JavaScript, please refer to the\n   Securing Your Web Browser document. This can help prevent some attack\n   techniques that use the QuickTime plug-in or ActiveX control. \n\nSecure your web browser\n\n   To help mitigate these and other vulnerabilities that can be exploited\n   via a web browser, refer to Securing Your Web Browser. \n\nDo not access QuickTime files from untrusted sources\n\n   Do not open QuickTime files from any untrusted sources, including\n   unsolicited files or links received in email, instant messages, web\n   forums, or internet relay chat (IRC) channels. \n\n\nReferences\n\n * US-CERT Vulnerability Note VU#659761 - \u003chttp://www.kb.cert.org/vuls/id/659761\u003e\n\n * Securing Your Web Browser - \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n * Mozilla Uninstalling Plugins - \u003chttp://plugindoc.mozdev.org/faqs/uninstall.html\u003e\n\n * How to stop an ActiveX control from running in Internet Explorer - \u003chttp://support.microsoft.com/kb/240797\u003e\n\n * IETF RFC 2326 Real Time Streaming Protocol - \u003chttp://tools.ietf.org/html/rfc2326\u003e\n  \n\n _________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA07-334A.html\u003e\n _________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA07-334A Feedback VU#659761\" in the\n   subject. \n _________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n   Produced 2007 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\nRevision History\n\n   November 30, 2007: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBR1ArKvRFkHkM87XOAQJg7wf/X4wAipFWO2ZJ5MdPzTwzE+x1OUIJxenP\ncFuLApajAMZ33yAyTTjA0sYhKveYhxSwqQTetEPiAWp5r/KPkJL5ugkeSvtzbAgf\nU6rsCICcRpjPJ7IjqsW/u6Hk2PBVqWwgip+FhZG5J5mjRPUdRr3JbmKlsEm/XDxi\n+ENxwrAgcoQHkLn76xn/9+1vTbI3zxi0GoyAR+GIFzs+Fsn+LazMCCrDI4ltPMnS\nc+Qpa3/qkOC+svz63yyHBjhq6eT2HQBP/X/50syweUOf4SrpDOdexX+mRPr03i6+\n9byGzjid5sObMAbpH1AzCtiDB56ai3zf+G5qV0uK2ziXihvNEn7JKA==\n=Jc+L\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. tricked into opening a malicious QTL\nfile or visiting a malicious web site. \n\nThe vulnerability is confirmed in version 7.3. \n\nSOLUTION:\nDo not browse untrusted websites, follow untrusted links, nor open\nuntrusted QTL files. \n\nPROVIDED AND/OR DISCOVERED BY:\nh07\n\nORIGINAL ADVISORY:\nhttp://www.milw0rm.com/exploits/4648\n\nOTHER REFERENCES:\nVU#659761:\nhttp://www.kb.cert.org/vuls/id/659761\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. This fixes some\nvulnerabilities, which can be exploited by malicious people to\ncompromise a user\u0027s system. \n\nNote: This update removes the affected binary Quicktime library. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200803-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Normal\n     Title: Win32 binary codecs: Multiple vulnerabilities\n      Date: March 04, 2008\n      Bugs: #150288\n        ID: 200803-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in the Win32 codecs for Linux may result in\nthe remote execution of arbitrary code. \n\nBackground\n==========\n\nWin32 binary codecs provide support for video and audio playback. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package                 /    Vulnerable    /           Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/win32codecs      \u003c 20071007-r2          \u003e= 20071007-r2\n\nDescription\n===========\n\nMultiple buffer overflow, heap overflow, and integer overflow\nvulnerabilities were discovered in the Quicktime plugin when processing\nMOV, FLC, SGI, H.264 and FPX files. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Win32 binary codecs users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose\n\"\u003e=media-libs/win32codecs-20071007-r2\"\n\nNote: Since no updated binary versions have been released, the\nQuicktime libraries have been removed from the package. Please use the\nfree alternative Quicktime implementations within VLC, MPlayer or Xine\nfor playback. \n\nReferences\n==========\n\n  [ 1 ] CVE-2006-4382\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382\n  [ 2 ] CVE-2006-4384\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384\n  [ 3 ] CVE-2006-4385\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385\n  [ 4 ] CVE-2006-4386\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386\n  [ 5 ] CVE-2006-4388\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388\n  [ 6 ] CVE-2006-4389\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389\n  [ 7 ] CVE-2007-4674\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674\n  [ 8 ] CVE-2007-6166\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200803-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6166"
      },
      {
        "db": "CERT/CC",
        "id": "VU#659761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001009"
      },
      {
        "db": "BID",
        "id": "26549"
      },
      {
        "db": "BID",
        "id": "26560"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29528"
      },
      {
        "db": "PACKETSTORM",
        "id": "61419"
      },
      {
        "db": "PACKETSTORM",
        "id": "61196"
      },
      {
        "db": "PACKETSTORM",
        "id": "64286"
      },
      {
        "db": "PACKETSTORM",
        "id": "64267"
      }
    ],
    "trust": 3.33
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-29528",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29528"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#659761",
        "trust": 4.1
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6166",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "26549",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "27755",
        "trust": 2.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4648",
        "trust": 2.6
      },
      {
        "db": "USCERT",
        "id": "TA07-334A",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1018989",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "26560",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "29182",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "3410",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "6013",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3984",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "38604",
        "trust": 1.4
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4651",
        "trust": 0.9
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4657",
        "trust": 0.9
      },
      {
        "db": "USCERT",
        "id": "SA07-334A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001009",
        "trust": 0.8
      },
      {
        "db": "MILW0RM",
        "id": "6013",
        "trust": 0.6
      },
      {
        "db": "MILW0RM",
        "id": "4648",
        "trust": 0.6
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200803-08",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-12-13",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA07-334A",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-392",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4664",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16424",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "11027",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16873",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71370",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-70939",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83037",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-29528",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "61419",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "61196",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64286",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64267",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#659761"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29528"
      },
      {
        "db": "BID",
        "id": "26549"
      },
      {
        "db": "BID",
        "id": "26560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001009"
      },
      {
        "db": "PACKETSTORM",
        "id": "61419"
      },
      {
        "db": "PACKETSTORM",
        "id": "61196"
      },
      {
        "db": "PACKETSTORM",
        "id": "64286"
      },
      {
        "db": "PACKETSTORM",
        "id": "64267"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-392"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6166"
      }
    ]
  },
  "id": "VAR-200711-0065",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29528"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T22:17:34.684000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/quicktime/home/win.html"
      },
      {
        "title": "QuickTime 7.3.1",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307176-en"
      },
      {
        "title": "QuickTime 7.3.1",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307176-ja"
      },
      {
        "title": "TA07-334A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta07-334a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001009"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-29528"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001009"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6166"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "http://www.kb.cert.org/vuls/id/659761"
      },
      {
        "trust": 2.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307176"
      },
      {
        "trust": 2.5,
        "url": "http://www.beskerming.com/security/2007/11/25/74/quicktime_-_remote_hacker_automatic_control"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/26549"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-334a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1018989"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/27755"
      },
      {
        "trust": 1.8,
        "url": "http://security.gentoo.org/glsa/glsa-200803-08.xml"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/dec/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26560"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/29182"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/3410"
      },
      {
        "trust": 1.5,
        "url": "http://www.milw0rm.com/exploits/4648"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/3984"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/38604"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/4648"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/6013"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/3984"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38604"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6166"
      },
      {
        "trust": 0.8,
        "url": "http://tools.ietf.org/html/rfc2326"
      },
      {
        "trust": 0.8,
        "url": "http://tools.ietf.org/html/rfc2326#section-12.16"
      },
      {
        "trust": 0.8,
        "url": "http://www.apple.com/quicktime/technologies/streaming/"
      },
      {
        "trust": 0.8,
        "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"
      },
      {
        "trust": 0.8,
        "url": "http://developer.apple.com/quicktime/icefloe/dispatch028.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.apple.com/quicktime/resources/qt/us/proxy/"
      },
      {
        "trust": 0.8,
        "url": "http://www.milw0rm.com/exploits/4651"
      },
      {
        "trust": 0.8,
        "url": "http://www.milw0rm.com/exploits/4657"
      },
      {
        "trust": 0.8,
        "url": "http://quicktime.tc.columbia.edu/users/iml/movies/mtest.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.symantec.com/enterprise/security_response/weblog/2007/12/exploit_for_apple_quicktime_vu.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.rubicode.com/software/rcdefaultapp/"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2007/wr074701.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2007/wr074901.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2007/at070023.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23659761/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta07-334a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta07-334a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6166"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa07-334a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2007/20071214_142118.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.apple.com/quicktime/"
      },
      {
        "trust": 0.6,
        "url": "http://support.microsoft.com/kb/240797"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/6013"
      },
      {
        "trust": 0.3,
        "url": "http://blog.secondlife.com/2007/12/02/second-life-viewer-susceptible-to-quicktime-security-flaw/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/27755/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://plugindoc.mozdev.org/faqs/uninstall.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://tools.ietf.org/html/rfc2326\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/659761\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://support.microsoft.com/kb/240797\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-334a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5090/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21893/"
      },
      {
        "trust": 0.1,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-08.xml"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/29182/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/339/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27523/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4385"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4389"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://enigmail.mozdev.org"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6166"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4386"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4386"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4385"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4389"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4382"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4388"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4382"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4384"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#659761"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29528"
      },
      {
        "db": "BID",
        "id": "26549"
      },
      {
        "db": "BID",
        "id": "26560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001009"
      },
      {
        "db": "PACKETSTORM",
        "id": "61419"
      },
      {
        "db": "PACKETSTORM",
        "id": "61196"
      },
      {
        "db": "PACKETSTORM",
        "id": "64286"
      },
      {
        "db": "PACKETSTORM",
        "id": "64267"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-392"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6166"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#659761"
      },
      {
        "db": "VULHUB",
        "id": "VHN-29528"
      },
      {
        "db": "BID",
        "id": "26549"
      },
      {
        "db": "BID",
        "id": "26560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001009"
      },
      {
        "db": "PACKETSTORM",
        "id": "61419"
      },
      {
        "db": "PACKETSTORM",
        "id": "61196"
      },
      {
        "db": "PACKETSTORM",
        "id": "64286"
      },
      {
        "db": "PACKETSTORM",
        "id": "64267"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200711-392"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6166"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-11-24T00:00:00",
        "db": "CERT/CC",
        "id": "VU#659761"
      },
      {
        "date": "2007-11-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-29528"
      },
      {
        "date": "2007-11-23T00:00:00",
        "db": "BID",
        "id": "26549"
      },
      {
        "date": "2007-11-24T00:00:00",
        "db": "BID",
        "id": "26560"
      },
      {
        "date": "2007-12-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001009"
      },
      {
        "date": "2007-12-02T20:40:22",
        "db": "PACKETSTORM",
        "id": "61419"
      },
      {
        "date": "2007-11-27T02:10:48",
        "db": "PACKETSTORM",
        "id": "61196"
      },
      {
        "date": "2008-03-12T17:55:23",
        "db": "PACKETSTORM",
        "id": "64286"
      },
      {
        "date": "2008-03-04T22:49:07",
        "db": "PACKETSTORM",
        "id": "64267"
      },
      {
        "date": "2007-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200711-392"
      },
      {
        "date": "2007-11-29T01:46:00",
        "db": "NVD",
        "id": "CVE-2007-6166"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-01-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#659761"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-29528"
      },
      {
        "date": "2015-05-12T19:49:00",
        "db": "BID",
        "id": "26549"
      },
      {
        "date": "2007-12-18T20:06:00",
        "db": "BID",
        "id": "26560"
      },
      {
        "date": "2007-12-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001009"
      },
      {
        "date": "2009-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200711-392"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-6166"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "26549"
      },
      {
        "db": "BID",
        "id": "26560"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple QuickTime RTSP Content-Type header stack buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#659761"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "26549"
      },
      {
        "db": "BID",
        "id": "26560"
      }
    ],
    "trust": 0.6
  }
}