Quicktime/Darwin Remote Admin Exploit

Summary
Cross-site scripting, buffer overflow and remote command execution vulnerabilities exist in the QuickTime/Darwin Streaming Administration Server. They are due to parsing problems in the Perl script parse_xml.cgi. The worst of these vulnerabilities allows remote command execution, usually as root or administrator. These servers are installed by default on port 1220. See: http://www.atstake.com/research/advisories/2003/a022403-1.txt
Solution
Obtain a patch or new software from Apple, or block this port (TCP 1220) from Internet access.
Note: OVS reports this vulnerability using only information that was gathered. Only the existence of the potentially vulnerable CGI script was tested.