Symantec is reporting an active exploit site for the QuickTime RTSP Response vulnerability described in CVE-2007-0166. Currently, the malicious stream is hosted at port 554 on the server 18.104.22.168. While we can already confirm the exploit, we are currently investigating and will publish further detail when it becomes available.
As in our previous diary entry on this, we recommend following US-CERT's recommendations:
Each of these does make the use of valid Quicktime content next to impossible, so please be aware of the impact this may have on your organization.
Dec 2nd 2007
9 years ago