
SANS ISC: Apple QuickTime 7.3 RTSP Response 0day SANS ISC InfoSec Forums

Apple QuickTime 7.3 RTSP Response 0day

Thank you all for writing in!!  We appreciate it, things have been a little crazy around the ISC today, so we haven't been able to throw some stuff up on the diary about the Quicktime bug.  (We've had to wake everyone up, they all ate turkey..tryptophan... it's not pretty, anyway...)

As outlined by Secunia, Apple's QuickTime 7.2 and 7.3 have an overwrite condition via incorrect RTSP parsing.  Check it out here

There are several things you can do until this gets patched (just remember to undo them after you patch!).

1) Block the RTSP protocol.  Ports are 554/tcp and 6970-6999/udp.

2) Set the killbit for the QuickTime CLSIDs:


There are some other recommendations over at the US-CERT site.  But like I said, remember to undo them after the patch, or you will be wondering why things aren't working with your Quicktime streams. 

Please remember that Quicktime is a component of iTunes...

Joel Esler


454 Posts
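The temporary RTSP block from step 1, together with its undo step, as an added example that is not part of the original diary. It assumes a Linux gateway or host filtering with iptables; the function names and the `tmp-quicktime-rtsp` comment tag are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the diary): temporary RTSP block plus its undo.
# Assumes iptables; TAG and the function names are illustrative.
# The functions only print commands so they can be reviewed before use.

TAG="tmp-quicktime-rtsp"   # constructed marker used to find the rules later

# Print iptables commands: $1 is -A (add) or -D (delete), $2 is the chain.
rtsp_rules() {
    # RTSP port from the diary: 554/tcp
    echo "iptables $1 $2 -p tcp --dport 554 -m comment --comment $TAG -j DROP"
    # UDP range from the diary: 6970-6999/udp
    echo "iptables $1 $2 -p udp --dport 6970:6999 -m comment --comment $TAG -j DROP"
}

rtsp_block()   { rtsp_rules -A "${1:-FORWARD}"; }
rtsp_unblock() { rtsp_rules -D "${1:-FORWARD}"; }

# Count tagged rules still present; feed it the output of `iptables -S`.
rtsp_leftover() {
    grep -c -- "--comment $TAG" || true
}

# CLI: "block [CHAIN]", "unblock [CHAIN]" or "check"
case "${1:-}" in
    block)   rtsp_block "${2:-FORWARD}" ;;
    unblock) rtsp_unblock "${2:-FORWARD}" ;;
    check)   iptables -S | rtsp_leftover ;;
esac
```

Review the output of `block`, pipe it to `sh` as root, and after patching pipe `unblock` the same way; `check` should then print 0.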
Nov 26th 2007
I've posted Snort rules and more information on my blog at

- Chris
