Lucene search
HistoryJun 02, 2009 - 6:30 p.m.
CVE-2009-0950
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
Low
0.966 High
EPSS
Percentile
99.6%
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
Affected configurations
Node
appleitunesRangeβ€8.1.1-mac
ORappleitunesRangeβ€8.1.1-windows
ORappleitunesMatch1.0
ORappleitunesMatch1.0windows
ORappleitunesMatch1.0-mac
ORappleitunesMatch1.0-windows
ORappleitunesMatch1.1
ORappleitunesMatch1.1.1
ORappleitunesMatch1.1.1windows
ORappleitunesMatch1.1.1-mac
ORappleitunesMatch1.1.1-windows
ORappleitunesMatch1.1.2
ORappleitunesMatch1.1.2windows
ORappleitunesMatch1.1.2-mac
ORappleitunesMatch1.1.2-windows
ORappleitunesMatch2.0
ORappleitunesMatch2.0windows
ORappleitunesMatch2.0-mac
ORappleitunesMatch2.0-windows
ORappleitunesMatch2.0.1
ORappleitunesMatch2.0.1windows
ORappleitunesMatch2.0.1-mac
ORappleitunesMatch2.0.1-windows
ORappleitunesMatch2.0.2
ORappleitunesMatch2.0.2windows
ORappleitunesMatch2.0.2-mac
ORappleitunesMatch2.0.2-windows
ORappleitunesMatch2.0.3
ORappleitunesMatch2.0.3windows
ORappleitunesMatch2.0.3-mac
ORappleitunesMatch2.0.3-windows
ORappleitunesMatch2.0.4
ORappleitunesMatch2.0.4windows
ORappleitunesMatch2.0.4-mac
ORappleitunesMatch2.0.4-windows
ORappleitunesMatch3.0
ORappleitunesMatch3.0windows
ORappleitunesMatch3.0.1
ORappleitunesMatch3.0.1windows
ORappleitunesMatch4.0
ORappleitunesMatch4.0windows
ORappleitunesMatch4.0.0
ORappleitunesMatch4.0.0-mac
ORappleitunesMatch4.0.0-windows
ORappleitunesMatch4.0.1
ORappleitunesMatch4.0.1windows
ORappleitunesMatch4.0.1-mac
ORappleitunesMatch4.0.1-windows
ORappleitunesMatch4.1
ORappleitunesMatch4.1windows
ORappleitunesMatch4.1.0
ORappleitunesMatch4.1.0-mac
ORappleitunesMatch4.1.0-windows
ORappleitunesMatch4.2
ORappleitunesMatch4.2windows
ORappleitunesMatch4.2.0
ORappleitunesMatch4.2.0-mac
ORappleitunesMatch4.2.0-windows
ORappleitunesMatch4.2.72
ORappleitunesMatch4.2.72windows
ORappleitunesMatch4.5
ORappleitunesMatch4.5windows
ORappleitunesMatch4.5.0
ORappleitunesMatch4.5.0-mac
ORappleitunesMatch4.5.0-windows
ORappleitunesMatch4.6
ORappleitunesMatch4.6windows
ORappleitunesMatch4.6.0
ORappleitunesMatch4.6.0-mac
ORappleitunesMatch4.6.0-windows
ORappleitunesMatch4.7
ORappleitunesMatch4.7windows
ORappleitunesMatch4.7.0
ORappleitunesMatch4.7.0-mac
ORappleitunesMatch4.7.0-windows
ORappleitunesMatch4.7.1
ORappleitunesMatch4.7.1windows
ORappleitunesMatch4.7.1-mac
ORappleitunesMatch4.7.1-windows
ORappleitunesMatch4.7.1.30
ORappleitunesMatch4.7.1.30windows
ORappleitunesMatch4.7.2
ORappleitunesMatch4.8
ORappleitunesMatch4.8windows
ORappleitunesMatch4.8.0
ORappleitunesMatch4.8.0-mac
ORappleitunesMatch4.8.0-windows
ORappleitunesMatch4.9
ORappleitunesMatch4.9windows
ORappleitunesMatch4.9.0
ORappleitunesMatch4.9.0-mac
ORappleitunesMatch4.9.0-windows
ORappleitunesMatch5.0
ORappleitunesMatch5.0windows
ORappleitunesMatch5.0.0
ORappleitunesMatch5.0.0-mac
ORappleitunesMatch5.0.0-windows
ORappleitunesMatch5.0.1
ORappleitunesMatch5.0.1windows
ORappleitunesMatch5.0.1-mac
ORappleitunesMatch5.0.1-windows
ORappleitunesMatch6.0
ORappleitunesMatch6.0windows
ORappleitunesMatch6.0.0
ORappleitunesMatch6.0.0-mac
ORappleitunesMatch6.0.0-windows
ORappleitunesMatch6.0.1
ORappleitunesMatch6.0.1windows
ORappleitunesMatch6.0.1-mac
ORappleitunesMatch6.0.1-windows
ORappleitunesMatch6.0.2
ORappleitunesMatch6.0.2windows
ORappleitunesMatch6.0.2-mac
ORappleitunesMatch6.0.2-windows
ORappleitunesMatch6.0.3
ORappleitunesMatch6.0.3windows
ORappleitunesMatch6.0.3-mac
ORappleitunesMatch6.0.3-windows
ORappleitunesMatch6.0.4
ORappleitunesMatch6.0.4windows
ORappleitunesMatch6.0.4-mac
ORappleitunesMatch6.0.4-windows
ORappleitunesMatch6.0.4.2
ORappleitunesMatch6.0.4.2windows
ORappleitunesMatch6.0.5
ORappleitunesMatch6.0.5windows
ORappleitunesMatch6.0.5-mac
ORappleitunesMatch6.0.5-windows
ORappleitunesMatch7.0.0
ORappleitunesMatch7.0.0-mac
ORappleitunesMatch7.0.0-windows
ORappleitunesMatch7.0.1
ORappleitunesMatch7.0.1-mac
ORappleitunesMatch7.0.1-windows
ORappleitunesMatch7.0.2
ORappleitunesMatch7.0.2windows
ORappleitunesMatch7.0.2-mac
ORappleitunesMatch7.0.2-windows
ORappleitunesMatch7.1.0
ORappleitunesMatch7.1.0-mac
ORappleitunesMatch7.1.0-windows
ORappleitunesMatch7.1.1
ORappleitunesMatch7.1.1-mac
ORappleitunesMatch7.1.1-windows
ORappleitunesMatch7.2.0
ORappleitunesMatch7.2.0-mac
ORappleitunesMatch7.2.0-windows
ORappleitunesMatch7.3.0
ORappleitunesMatch7.3.0-mac
ORappleitunesMatch7.3.0-windows
ORappleitunesMatch7.3.1
ORappleitunesMatch7.3.1-mac
ORappleitunesMatch7.3.1-windows
ORappleitunesMatch7.3.2
ORappleitunesMatch7.3.2windows
ORappleitunesMatch7.3.2-mac
ORappleitunesMatch7.3.2-windows
ORappleitunesMatch7.4
ORappleitunesMatch7.4windows
ORappleitunesMatch7.4.0
ORappleitunesMatch7.4.0-mac
ORappleitunesMatch7.4.0-windows
ORappleitunesMatch7.4.1
ORappleitunesMatch7.4.1windows
ORappleitunesMatch7.4.1-mac
ORappleitunesMatch7.4.1-windows
ORappleitunesMatch7.4.2
ORappleitunesMatch7.4.2windows
ORappleitunesMatch7.4.2-mac
ORappleitunesMatch7.4.2-windows
ORappleitunesMatch7.4.3
ORappleitunesMatch7.4.3windows
ORappleitunesMatch7.5
ORappleitunesMatch7.5windows
ORappleitunesMatch7.5.0
ORappleitunesMatch7.5.0-mac
ORappleitunesMatch7.5.0-windows
ORappleitunesMatch7.6
ORappleitunesMatch7.6windows
ORappleitunesMatch7.6.0
ORappleitunesMatch7.6.0-mac
ORappleitunesMatch7.6.0-windows
ORappleitunesMatch7.6.1
ORappleitunesMatch7.6.1windows
ORappleitunesMatch7.6.1-mac
ORappleitunesMatch7.6.1-windows
ORappleitunesMatch7.6.2
ORappleitunesMatch7.6.2windows
ORappleitunesMatch7.6.2-mac
ORappleitunesMatch7.6.2-windows
ORappleitunesMatch7.7
ORappleitunesMatch7.7windows
ORappleitunesMatch7.7.0
ORappleitunesMatch7.7.0-mac
ORappleitunesMatch7.7.0-windows
ORappleitunesMatch7.7.1
ORappleitunesMatch7.7.1windows
ORappleitunesMatch7.7.1-mac
ORappleitunesMatch7.7.1-windows
ORappleitunesMatch8.0
ORappleitunesMatch8.0-mac
ORappleitunesMatch8.0-windows
ORappleitunesMatch8.0.0
ORappleitunesMatch8.0.0-mac
ORappleitunesMatch8.0.0-windows
ORappleitunesMatch8.0.1
ORappleitunesMatch8.0.1-mac
ORappleitunesMatch8.0.1-windows
ORappleitunesMatch8.0.2-mac
ORappleitunesMatch8.0.2-windows
ORappleitunesMatch8.1-mac
ORappleitunesMatch8.1-windows
References
lists.apple.com/archives/security-announce/2009/Jun/msg00001.html
osvdb.org/54833
redpig.dataspill.org/2009/05/drive-by-attack-for-itunes-811.html
secunia.com/advisories/35314
static.dataspill.org/releases/itunes/itms_overflow.rb
support.apple.com/kb/HT3592
www.securityfocus.com/archive/1/504043/100/0/threaded
www.securityfocus.com/bid/35157
www.securitytracker.com/id?1022313
www.vupen.com/english/advisories/2009/1470
exchange.xforce.ibmcloud.com/vulnerabilities/50899
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17099
www.exploit-db.com/exploits/8861
www.exploit-db.com/exploits/8934
Related
openvas
openvas
Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability (HT3592)
2009-06-04 00:00:00
Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability
2009-06-04 00:00:00
prion
prion
Stack overflow
2009-06-02 18:30:00
cvelist
cvelist
CVE-2009-0950
2009-06-02 18:00:00
seebug
seebug
Apple iTunes 8.1.1 (ITMS) Multiple Protocol Handler BOF Exploit (meta)
2009-06-04 00:00:00
Apple iTunes 8.1.1.10 (itms/itcp) Remote Buffer Overflow Exploit (win)
2009-06-13 00:00:00
Apple iTunes 8.1.x - (daap) Buffer Overflow Remote Exploit
2014-07-01 00:00:00
securityvulns
securityvulns
TPTI-09-03: Apple iTunes Multiple Protocol Handler Buffer Overflow Vulnerabilities
2009-06-04 00:00:00
Apple iTunes multiple security vulnerabilities
2009-06-04 00:00:00
nessus
nessus
iTunes < 8.2 itms: URL Stack Overflow (Mac OS X)
2009-06-02 00:00:00
Apple iTunes < 8.2 itms: URI Handling Overflow (credentialed check)
2009-06-02 00:00:00
Apple iTunes < 8.2 itms: URI Handling Overflow (uncredentialed check)
2009-06-02 00:00:00
packetstorm
packetstorm
Apple OS X iTunes 8.1.1 ITMS Overflow
2009-12-31 00:00:00
Apple iTunes 8.1.1.10 Buffer Overflow Exploit
2009-06-12 00:00:00
saint
saint
Apple iTunes itms: URL buffer overflow
2009-07-06 00:00:00
Apple iTunes itms: URL buffer overflow
2009-07-06 00:00:00
Apple iTunes itms: URL buffer overflow
2009-07-06 00:00:00
exploitpack
exploitpack
Apple iTunes 8.1.x - daap Remote Buffer Overflow
2010-01-14 00:00:00
Apple iTunes 8.1.1.10 (Windows) - itmsitcp Remote Buffer Overflow
2009-06-12 00:00:00
cve
cve
CVE-2009-0950
2009-06-02 18:30:00
checkpoint_advisories
checkpoint_advisories
Apple iTunes Protocol Handler Stack Buffer Overflow (CVE-2009-0950)
2010-02-01 00:00:00
exploitdb
exploitdb
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
Low
0.966 High
EPSS
Percentile
99.6%
Related for NVD:CVE-2009-0950