CVE-2008-0234

Name of the Vulnerable Software and Affected Versions Apple Quicktime Player versions prior to 7.4.1

Description The issue allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request. This can be demonstrated using a 404 error message when RTSP tunneling is enabled.

Recommendations For versions prior to 7.4.1, update to version 7.4.1 or later to resolve the issue. As a temporary workaround, consider disabling RTSP tunneling until a patch is available.