Apple QuickTime may allow remote arbitrary code to be executed via a long src parameter in RTSP URL strings.
A vulnerability exists in the way Apple QuickTime handles specially crafted Real Time Streaming Protocol (RTSP) URL strings. An attacker may be able to craft a QTL file to take advantage of this vulnerability. However, there are other attack vectors that do not involve QTL files. According to MOAB-01-01-2007:
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service.
Apple Computer, Inc.
This issue was reported in MOAB-01-01-2007
This document was written by Chris Taschner and Will Dormann.
|Date First Published:||2007-01-02|
|Date Last Updated:||2007-01-25 22:05 UTC|