CVEブラウザに戻る

CVE-2007-0749

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0490%

EPSS Percentile7.64th

Published2007年5月13日

Last Modified2026年4月23日

Vulnerability Description

Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.

Affected Platforms (CPE)

📦

Apple

Darwin Streaming Server

= 4.1.2

📦

Apple

Darwin Streaming Server

= 5.0.1

📦

Apple

Darwin Streaming Server

= 5.5.4

📦

Apple

Darwin Streaming Server

= 4.1.3

References & Advisories

🔗 http://docs.info.apple.com/article.html?artnum=305495

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533

🔗 http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html

🔗 http://osvdb.org/35976

🔗 http://secunia.com/advisories/25193

🔗 http://www.securityfocus.com/bid/23918

🔗 http://www.securitytracker.com/id?1018047

🔗 http://www.vupen.com/english/advisories/2007/1770

関連する脆弱性情報

CVE-2003-042610.0

The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assista...

CVE-2003-050210.0

Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot...

CVE-2003-042110.0

Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS...

CVE-2007-074810.0

Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attacke...