ID

VAR-200312-0193


CVE

CVE-2003-1091


TITLE

Apple QuickTime/Darwin Streaming Server integer overflow in MP3Broadcaster utility

Trust: 0.8

sources: CERT/CC: VU#148564

DESCRIPTION

Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files. Apple's QuickTime and Darwin Streaming Server (DSS) package includes a utility called MP3Broadcaster. This utility contains an integer overflow which may be exploited to cause a denial of service. MP3Broadcaster has been reported prone to a vulnerability when processing malicious ID3 tags. This is likely due to insufficient sanity checks performed when handling signed integer values contained within MP3 file ID3 tags. MP3Broadcaster is an MP3 broadcasting program included in the Darwin streaming service program. MP3Broadcaster does not correctly process the ID3 tag. Remote attackers can use this vulnerability to construct malicious MP3 files, trigger integer-based buffer overflows, and perform denial-of-service attacks on service programs. Malicious MP3 files can cause MP3Broadcaster to segfault.

Trust: 1.98

sources: NVD: CVE-2003-1091 // CERT/CC: VU#148564 // BID: 7660 // VULHUB: VHN-7916

AFFECTED PRODUCTS

vendor: apple computer, model: -, scope: -, version: -

Trust: 0.8

vendor: apple, model: quicktime broadcaster, scope: eq, version: 4.1.3

Trust: 0.6

vendor: apple, model: quicktime mp3 broadcaster, scope: eq, version: 0

Trust: 0.3

sources: CERT/CC: VU#148564 // BID: 7660 // CNNVD: CNNVD-200312-258

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-1091
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#148564
value: 4.69

Trust: 0.8

CNNVD: CNNVD-200312-258
value: HIGH

Trust: 0.6

VULHUB: VHN-7916
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-1091
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7916
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#148564 // VULHUB: VHN-7916 // CNNVD: CNNVD-200312-258 // NVD: CVE-2003-1091

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-1091

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-258

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 7660 // CNNVD: CNNVD-200312-258

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-7916

EXTERNAL IDS

db: BID, id: 7660

Trust: 2.8

db: CERT/CC, id: VU#148564

Trust: 2.8

db: SECTRACK, id: 1006822

Trust: 2.5

db: NVD, id: CVE-2003-1091

Trust: 1.7

db: CNNVD, id: CNNVD-200312-258

Trust: 0.7

db: NSFOCUS, id: 4873

Trust: 0.6

db: XF, id: 3

Trust: 0.6

db: XF, id: 12054

Trust: 0.6

db: BUGTRAQ, id: 20030522 QUICKTIME/DARWIN STREAMING SERVER SECURITY ISSUES

Trust: 0.6

db: SEEBUG, id: SSVID-76429

Trust: 0.1

db: EXPLOIT-DB, id: 22630

Trust: 0.1

db: VULHUB, id: VHN-7916

Trust: 0.1

sources: CERT/CC: VU#148564 // VULHUB: VHN-7916 // BID: 7660 // CNNVD: CNNVD-200312-258 // NVD: CVE-2003-1091

REFERENCES

url: http://www.securityfocus.com/bid/7660

Trust: 2.5

url: http://www.kb.cert.org/vuls/id/148564

Trust: 2.0

url: http://archives.neohapsis.com/archives/bugtraq/2003-05/0245.html

Trust: 1.7

url: http://securitytracker.com/id?1006822

Trust: 1.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/12054

Trust: 1.1

url: http://securitytracker.com/alerts/2003/may/1006822.html

Trust: 0.8

url: http://www.iss.net/security_center/static/12054.php

Trust: 0.8

url: http://xforce.iss.net/xforce/xfdb/12054

Trust: 0.6

url: http://www.nsfocus.net/vulndb/4873

Trust: 0.6

sources: CERT/CC: VU#148564 // VULHUB: VHN-7916 // BID: 7660 // CNNVD: CNNVD-200312-258 // NVD: CVE-2003-1091

CREDITS

Sir Mordred <sir.mordred@hushmail.com>

Trust: 0.6

sources: CNNVD: CNNVD-200312-258

SOURCES

db: CERT/CC, id: VU#148564
db: VULHUB, id: VHN-7916
db: BID, id: 7660
db: CNNVD, id: CNNVD-200312-258
db: NVD, id: CVE-2003-1091

LAST UPDATE DATE

2024-08-14T12:21:54.328000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#148564, date: 2003-12-23T00:00:00
db: VULHUB, id: VHN-7916, date: 2017-07-11T00:00:00
db: BID, id: 7660, date: 2003-05-22T00:00:00
db: CNNVD, id: CNNVD-200312-258, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2003-1091, date: 2017-07-11T01:29:44.010

SOURCES RELEASE DATE

db: CERT/CC, id: VU#148564, date: 2003-12-23T00:00:00
db: VULHUB, id: VHN-7916, date: 2003-12-31T00:00:00
db: BID, id: 7660, date: 2003-05-22T00:00:00
db: CNNVD, id: CNNVD-200312-258, date: 2003-05-22T00:00:00
db: NVD, id: CVE-2003-1091, date: 2003-12-31T05:00:00