A vulnerability was found in Apple QuickTime and Darwin Streaming Server up to 4.1.3e (Multimedia Player Software). It has been rated as critical. This issue affects an unknown functionality of the component MS DOS Device Name. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability. The summary by CVE is:

Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.

The weakness was published 08/27/2003 (Website). It is possible to read the advisory at rapid7.com. The identification of this vulnerability is CVE-2003-0421 since 06/11/2003. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 4.1.3f eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (12691). Similar entries are available at 20736, 20737, 20738 and 20739.

Productinfo

Type

• Multimedia Player Software

Vendor

• Apple

Name

• Darwin Streaming Server
• QuickTime

Version

• 4.1.3a
• 4.1.3b
• 4.1.3c
• 4.1.3d
• 4.1.3e

License

• free

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion