Lucene search
SAINT CorporationSAINT:478EC123F9966772B734E1C5BFAAE92FHistoryJul 03, 2012 - 12:00 a.m.
iTunes m3u Playlist Overflow
2012-07-0300:00:00
SAINT Corporation
www.saintcorporation.com
21
0.869 High
EPSS
Percentile
98.3%
Added: 07/03/2012
CVE: CVE-2012-0677
BID: 53933
OSVDB: 82897
Background
iTunes is a free media player for multiple platforms.
Problem
iTunes does not properly validate parameters for #EXTINF: directives in m3u files. This results in an exploitable stack overflow.
Resolution
Upgrade to iTunes 10.6.3 or higher.
References
<http://support.apple.com/kb/HT5318>
<http://zeroscience.mk/en/vulnerabilities/ZSL-2012-5093.php>
Limitations
QuickTime must be installed on the target system. This exploit has been tested against iTunes 10.6.1.7 and QuickTime 7.7.2 running on Microsoft Windows XP SP3 English (DEP OptIn).
Platforms
Windows
Related
nessus
nessus
iTunes < 10.6.3 m3u Multiple Buffer Overflow Vulnerabilities (Mac OS X)
2012-06-14 00:00:00
iTunes < 10.6.3 Multiple Vulnerabilities
2012-06-19 00:00:00
Apple iTunes < 10.6.3 Multiple Vulnerabilities (credentialed check)
2012-06-14 00:00:00
saint
saint
iTunes m3u Playlist Overflow
2012-07-03 00:00:00
iTunes m3u Playlist Overflow
2012-07-03 00:00:00
iTunes m3u Playlist Overflow
2012-07-03 00:00:00
canvas
canvas
Immunity Canvas: ITUNES_10_6_1
2012-06-12 14:55:00
seebug
seebug
Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow
2014-07-01 00:00:00
Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow
2014-07-01 00:00:00
Apple iTunesζ§θ‘δ»»ζ代η εζη»ζε‘ζΌζ΄
2012-06-13 00:00:00
prion
prion
Heap overflow
2012-06-12 14:55:00
packetstorm
packetstorm
Apple iTunes 10.6.1.7 M3U Playlist Buffer Overflow
2012-06-12 00:00:00
iTunes Extended M3U Stack Buffer Overflow
2012-06-21 00:00:00
exploitpack
exploitpack
Apple iTunes 10.6.1.7 - Extended m3u Stack Buffer Overflow (Metasploit)
2012-06-21 00:00:00
Apple iTunes 10.6.1.7 - .m3u Walking Heap Buffer Overflow (PoC)
2012-06-13 00:00:00
cvelist
cvelist
CVE-2012-0677
2012-06-12 14:00:00
openvas
openvas
Apple iTunes '.m3u' Playlist Code Execution Vulnerabilities (Windows)
2012-06-12 00:00:00
Apple iTunes '.m3u' Playlist Code Execution Vulnerability (Mac OS X)
2012-06-12 00:00:00
Apple iTunes '.m3u' Playlist Code Execution Vulnerabilities - Windows
2012-06-12 00:00:00
exploitdb
exploitdb
Apple iTunes 10.6.1.7 - Extended m3u Stack Buffer Overflow (Metasploit)
2012-06-21 00:00:00
Apple iTunes 10.6.1.7 - '.m3u' Walking Heap Buffer Overflow (PoC)
2012-06-13 00:00:00
cve
cve
CVE-2012-0677
2012-06-12 14:55:00
checkpoint_advisories
checkpoint_advisories
Apple iTunes m3u Playlist Multiple Buffer Overflows (CVE-2012-0677)
2012-09-04 00:00:00
zeroscience
zeroscience
Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow
2012-06-12 00:00:00
securityvulns
securityvulns
APPLE-SA-2012-06-11-1 iTunes 10.6.3
2012-06-12 00:00:00
Apple iTunes security vulnerabilities
2012-06-12 00:00:00