PT-2003-2046 · Apple · Apple Quicktime/Darwin Streaming Server

Sir Mordred

Published

2003-12-31

Updated

2017-07-11

CVE-2003-1091

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Apple QuickTime/Darwin Streaming Server version 4.1.3

Description The issue is related to an integer overflow in MP3Broadcaster, which can be triggered by remote attackers sending malformed ID3 tags in MP3 files. This can cause a denial of service (crash) and potentially allow the execution of arbitrary code.

Recommendations For Apple QuickTime/Darwin Streaming Server version 4.1.3, consider updating to a newer version that addresses this issue, as no specific workaround is provided for this version.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-1091

Affected Products

Apple Quicktime/Darwin Streaming Server

PT-2003-2046 · Apple · Apple Quicktime/Darwin Streaming Server

CVE-2003-1091

Related Identifiers

Affected Products

References · 7