CVE-2003-1091

Apple QuickTime/Darwin Streaming Server 4.1.3 - DoS/Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1091. PoCs published by Sir Mordred.

AI-analyzed exploit summary This exploit demonstrates a vulnerability in MP3Broadcaster (part of Darwin Streaming Server) where malformed ID3 tags in an MP3 file can trigger a buffer overflow due to insufficient sanity checks on signed integer values. The PoC creates a crafted MP3 file with a malicious ID3 tag to exploit this issue.

Description

Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sir Mordred · textremoteosx

https://www.exploit-db.com/exploits/22630

View Code ZIP pw:eip

This exploit demonstrates a vulnerability in MP3Broadcaster (part of Darwin Streaming Server) where malformed ID3 tags in an MP3 file can trigger a buffer overflow due to insufficient sanity checks on signed integer values. The PoC creates a crafted MP3 file with a malicious ID3 tag to exploit this issue.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: MP3Broadcaster (Darwin Streaming Server)

No auth needed

Prerequisites: MP3Broadcaster installed and running · Ability to upload or serve a crafted MP3 file

MITRE ATT&CK