Added: 07/03/2012
CVE: CVE-2012-0677
BID: 53933
OSVDB: 82897
iTunes is a free media player for multiple platforms.
iTunes does not properly validate parameters for #EXTINF: directives in m3u files. This results in an exploitable stack overflow.
Upgrade to iTunes 10.6.3 or higher.
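Until hosts are upgraded, m3u files can be screened for malformed `#EXTINF:` directives before they are opened. The following is an added example, not part of the original advisory: the function name `scan_m3u`, the 1024-byte limit and the sample playlist are assumptions made for illustration, since the advisory does not state the length at which the overflow occurs.

```python
import re

# Assumed triage threshold; NOT the size of the vulnerable buffer,
# which the advisory does not give.
MAX_PARAM_BYTES = 1024
EXTINF = b"#EXTINF:"
DURATION_RE = re.compile(rb"-?\d+(\.\d+)?")


def scan_m3u(data: bytes, max_param: int = MAX_PARAM_BYTES):
    """Return (line_no, reason) findings for suspicious #EXTINF directives."""
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):  # drop a UTF-8 byte order mark
        data = data[3:]
    for line_no, raw in enumerate(re.split(rb"\r\n|\r|\n", data), start=1):
        line = raw.strip()
        if line[:len(EXTINF)].upper() != EXTINF:
            continue  # only #EXTINF: directives are inspected
        params = line[len(EXTINF):]
        if len(params) > max_param:
            findings.append((line_no, f"parameter length {len(params)} > {max_param}"))
        duration, sep, _title = params.partition(b",")
        # Extended M3U may carry attributes after the duration ("-1 key=value").
        dur_token = duration.split(None, 1)[0] if duration.strip() else b""
        if not DURATION_RE.fullmatch(dur_token):
            findings.append((line_no, "duration is not numeric"))
        if not sep:
            findings.append((line_no, "missing ',' between duration and title"))
        if any(b < 0x20 and b != 0x09 for b in params):
            findings.append((line_no, "control bytes in parameters"))
    return findings


# Constructed sample: one well-formed entry and one oversized directive.
SAMPLE = (
    b"#EXTM3U\r\n"
    b"#EXTINF:215,Artist - Track\r\n"
    b"track01.mp3\r\n"
    b"#EXTINF:" + b"A" * 5000 + b"\r\n"
    b"track02.mp3\r\n"
)

if __name__ == "__main__":
    for line_no, reason in scan_m3u(SAMPLE):
        print(f"line {line_no}: {reason}")
```

Findings indicate a playlist that deviates from the expected `#EXTINF:<duration>,<title>` form and should be quarantined for review; a clean result does not replace the upgrade.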
<http://support.apple.com/kb/HT5318>
<http://zeroscience.mk/en/vulnerabilities/ZSL-2012-5093.php>
QuickTime must be installed on the target system. This exploit has been tested against iTunes 10.6.1.7 and QuickTime 7.7.2 running on Microsoft Windows XP SP3 English (DEP OptIn).
Windows