
Vulnerability in QuickTime 7.3

By linathael. Original by Lionel - 26/11/2007 08:26:51 CET - Category: Mac OS X
The US Computer Emergency Readiness Team published an advisory on an RTSP Content-Type header stack buffer overflow vulnerability affecting QuickTime 7.3, and indirectly iTunes 7.5, running on Windows:
Overview
Apple QuickTime contains a stack buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition.
Description
Real Time Streaming Protocol (RTSP) is a protocol that is used by streaming media systems. The Apple QuickTime Streaming Server and QuickTime player both support RTSP.
Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header. This vulnerability may be exploited by convincing a user to connect to a specially crafted RTSP stream. Note that QuickTime is a component of Apple iTunes, therefore iTunes installations are also affected by this vulnerability. We are aware of publicly available exploit code for this vulnerability.
Impact
By convincing a user to connect to a specially crafted RTSP stream, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. An attacker can use various types of web page content, including a QuickTime Media Link file, to cause a user to load an RTSP stream.
As this vulnerability is described as affecting only the Windows version of QuickTime, it remains unknown whether it also affects the Mac OS X version.
As usual, to avoid exposure to a potential threat, simply avoid watching streaming video from unknown sources.
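The class of bug the advisory describes, a header value copied into a fixed-size stack buffer, is avoided by measuring the value before copying it. The following is an added example, not code from the advisory or from QuickTime; the function name, status codes, buffer sizes and the sample response are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

enum { CT_OK = 0, CT_MISSING = -1, CT_TOO_LONG = -2, CT_MALFORMED = -3 };

/* Copy the Content-Type value of an RTSP response into out (capacity out_cap).
 * The value is measured before any copy; an oversized value is rejected,
 * never truncated and never written past the destination. */
int rtsp_content_type(const char *msg, size_t len, char *out, size_t out_cap)
{
    static const char name[] = "Content-Type:";
    const size_t nlen = sizeof name - 1;
    size_t pos = 0;

    if (out_cap == 0) return CT_MALFORMED;
    out[0] = '\0';
    while (pos < len) {
        const char *eol = memchr(msg + pos, '\n', len - pos);
        if (eol == NULL) return CT_MALFORMED;        /* header block cut short */
        size_t llen = (size_t)(eol - (msg + pos));
        if (llen > 0 && msg[pos + llen - 1] == '\r') llen--;
        if (llen == 0) return CT_MISSING;            /* blank line ends headers */
        if (llen >= nlen && strncasecmp(msg + pos, name, nlen) == 0) {
            const char *v = msg + pos + nlen;
            size_t vlen = llen - nlen;
            while (vlen > 0 && (*v == ' ' || *v == '\t')) { v++; vlen--; }
            if (vlen >= out_cap) return CT_TOO_LONG; /* keep room for the NUL */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return CT_OK;
        }
        pos = (size_t)(eol - msg) + 1;               /* advance to next line */
    }
    return CT_MALFORMED;                             /* no terminating blank line */
}

int main(void)
{
    /* Constructed sample response, not captured traffic. */
    static const char sample[] =
        "RTSP/1.0 200 OK\r\nCSeq: 1\r\nContent-Type: application/sdp\r\n\r\n";
    char ct[32];
    int rc = rtsp_content_type(sample, sizeof sample - 1, ct, sizeof ct);
    printf("rc=%d content-type=%s\n", rc, ct);
    return rc == CT_OK ? 0 : 1;
}
```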