CVE-2003-0050

EXPLOITED

Apple Darwin Streaming Administration Server <4.1.2 - RCE

Exploitation Summary

CVE-2003-0050 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits, credited to Metasploit and hdm, including the Metasploit module exploits/unix/webapp/qtss_parse_xml_exec.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in QuickTime Streaming Server's parse_xml.cgi script, allowing arbitrary command execution as root via a maliciously crafted POST request.

Description

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · cgi
https://www.exploit-db.com/exploits/16891

This Metasploit module exploits a command injection vulnerability in QuickTime Streaming Server's parse_xml.cgi script, allowing arbitrary command execution as root via a maliciously crafted POST request.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: QuickTime Streaming Server (parse_xml.cgi)
No auth needed
Prerequisites: Network access to the target server · parse_xml.cgi endpoint exposed
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by hdm · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/qtss_parse_xml_exec.rb

This Metasploit module exploits a command injection vulnerability in QuickTime Streaming Server's parse_xml.cgi script, allowing arbitrary command execution as root via a maliciously crafted POST request.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: QuickTime Streaming Server (CVE-2003-0050)
No auth needed
Prerequisites: Network access to the target server · parse_xml.cgi script accessible
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/11401.php
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104618904330226&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6954

Scores

EPSS 0.8785
EPSS Percentile 99.5%

Details

VulnCheck KEV 2020-12-01
Status published
Products (2)
apple/darwin_streaming_server 4.1.2
apple/quicktime_streaming_server 4.1.1
Published Mar 07, 2003
Tracked Since Feb 18, 2026