CVE-2003-0050

EXPLOITED

Apple Darwin Streaming Administration Server <4.1.2 - RCE

Title source: llm

Description

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappscgi

https://www.exploit-db.com/exploits/16891

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by hdm · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/qtss_parse_xml_exec.rb

View Code ZIP pw:eip

References (4)

[Mailing List] http://marc.info/?l=bugtraq&m=104618904330226&w=2

[Vendor Advisory] http://www.iss.net/security_center/static/11401.php

[Mailing List] http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/6954

Scores

EPSS 0.8785

EPSS Percentile 99.5%

Details

VulnCheck KEV 2020-12-01

Status published

Products (2)

apple/darwin_streaming_server 4.1.2

apple/quicktime_streaming_server 4.1.1

Published Mar 07, 2003

Tracked Since Feb 18, 2026