Apple QuickTime/Darwin Streaming Server Command Execution Vulnerability

A command execution vulnerability has been discovered in the Darwin/QuickTime Streaming Servers. The vulnerability exists due to insufficient sanitization performed on some user-supplied input.

An attacker can exploit this vulnerability by submitting a specially crafted string to the parse_xml.cgi application that include malicious shell commands. These commands, when received by the Streaming Administration Servers, will be executed and may be used to compromise a vulnerable system.


Privacy Statement
Copyright 2010, SecurityFocus