Remote Denial of Service in Apple QuickTime and Darwin Streaming Server
CVE-2003-0502

Currently unrated

Key Information:

Vendor: Apple
Status: Darwin Streaming Server
Vendor: CVE Published:; 27 August 2003

Summary

A vulnerability in Apple QuickTime and Darwin Streaming Server allows remote attackers to exploit a flaw in the handling of specific URL requests. By sending a specially crafted request that contains a sequence of dots followed by an MS-DOS device name, an attacker can trigger a denial of service, causing the affected service to crash. This issue impacts versions prior to 4.1.3g and requires access to the HTTP service running on port 1220, demonstrating the necessity of securing media streaming services against such remote execution possibilities.

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/...

mailing-listx_refsource_VULNWATCH

http://www.rapid7.com/advisories/R7-0015.html

x_refsource_MISC

Timeline

Vulnerability published
Aug 27, 2003
Vulnerability Reserved
Jun 11, 2003