Apple iTunes Buffer Overflow Vulnerability

Report ID: SA201006411
Source: F-Secure
Date of Discovery: 24.02.2010
Criticality: Critical
Affects: Apple iTunes 9 for Windows and Mac

Compromise From: From remote
Compromise Type: DoS, Remote code execution

Summary

A buffer overflow vulnerability in Apple iTunes could allow arbitrary code execution.

Detailed Description

A buffer overflow vulnerability, which is caused by a boundary checking error while processing .pls files, has been reported in Apple iTunes 9.

Opening a maliciously crafted .pls file could cause the application to crash, and successful exploitation of this vulnerability could allow the attacker to execute arbitrary code.
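
The advisory does not say which .pls field is mishandled, so the following added example (not Apple's code and not taken from the advisory) shows only the kind of boundary check the description says was missing: a playlist value is copied into a fixed-size buffer only after its length is checked against the buffer's capacity. The function names, the 256-byte buffer size and the sample playlist are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PLS_VALUE_MAX 256  /* assumed buffer size, not a figure from the advisory */

/* Hypothetical helper: copy the value of one "Key=Value" line into out.
 * Returns 0 on success, -1 if the line has no '=', -2 if the value does not fit. */
int pls_copy_value(const char *line, char *out, size_t out_cap)
{
    size_t line_len = strcspn(line, "\r\n");       /* search this line only */
    const char *eq = memchr(line, '=', line_len);
    if (eq == NULL || out_cap == 0)
        return -1;
    size_t len = line_len - (size_t)(eq + 1 - line);
    if (len >= out_cap)                            /* the boundary check */
        return -2;                                 /* reject, never overrun */
    memcpy(out, eq + 1, len);
    out[len] = '\0';
    return 0;
}

/* Count the FileN entries in an in-memory playlist; -1 if any value is oversized. */
int pls_count_entries(const char *text)
{
    char value[PLS_VALUE_MAX];
    int count = 0;
    while (*text) {
        if (strncmp(text, "File", 4) == 0) {
            int rc = pls_copy_value(text, value, sizeof value);
            if (rc == -2) return -1;
            if (rc == 0) count++;
        }
        text += strcspn(text, "\n");
        if (*text == '\n') text++;
    }
    return count;
}

/* Constructed sample playlist whose second entry has an n-byte value. */
int pls_demo(size_t n)
{
    static char text[2048];
    char pad[1024];
    if (n >= sizeof pad) n = sizeof pad - 1;
    memset(pad, 'A', n);
    pad[n] = '\0';
    snprintf(text, sizeof text, "[playlist]\nFile1=http://example.invalid/a.mp3\n"
             "File2=%s\nNumberOfEntries=2\n", pad);
    return pls_count_entries(text);
}

int main(void) { printf("%d %d\n", pls_demo(255), pls_demo(256)); return 0; }
```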

Solution

Update to Apple iTunes version 9.0.1.

Original Reference

About the security content of iTunes 9.0.1 (http://support.apple.com/kb/HT3884)

CVE Reference

CVE-2009-2817