This module runs a server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in Apple QuickTime, which allows unauthenticated attackers to execute arbitrary code or cause a denial of service condition. The module will send an e-mail with a specially crafted HTML page waiting for victim users to connect through it. When the user clicks on the link, a connection is made to a specially crafted RTSP stream that triggers the vulnerability.
CVE Link
Exploit Type
Product Name