CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.836 High
EPSS Percentile: 98.4%
Added: 07/03/2012
CVE: CVE-2012-0677
BID: 53933
OSVDB: 82897
iTunes is a free media player for multiple platforms.
iTunes does not properly validate parameters for #EXTINF: directives in m3u files. This results in an exploitable stack overflow.
Upgrade to iTunes 10.6.3 or higher.
<http://support.apple.com/kb/HT5318>
<http://zeroscience.mk/en/vulnerabilities/ZSL-2012-5093.php>
QuickTime must be installed on the target system. This exploit has been tested against iTunes 10.6.1.7 and QuickTime 7.7.2 running on Microsoft Windows XP SP3 English (DEP OptIn).
Windows