F-Secure
Tools
Apple iTunes Protocol Handler Buffer Overflow Vulnerability
| Report ID: | SA200902512 |
| Source: | Secunia |
| Date of Discovery: | 02.06.2009 |
| Criticality: | Urgent |
| Affects: | iTunes 8.x |
| Compromise From: | From remote |
| Compromise Type: | System access |
Summary
A vulnerability has been reported in Apple iTunes, which can be exploited by malicious people to compromise a user's system.
Detailed Description
A vulnerability has been reported in Apple iTunes, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in various URI handlers including "itms", "itmss", "daap", "pcast", and "itpc" and can be exploited to cause a stack-based buffer overflow.
Successful exploitation allows execution of arbitrary code.
The vulnerability is caused due to a boundary error in various URI handlers including "itms", "itmss", "daap", "pcast", and "itpc" and can be exploited to cause a stack-based buffer overflow.
Successful exploitation allows execution of arbitrary code.
Solution
Update to version 8.2.
www.apple.com/itunes/download/
www.apple.com/itunes/download/
Original Reference
-