Apple ITunes 'itpc:' URI Buffer Overflow Vulnerability Network Vulnerability

Summary

This host has iTunes installed, which is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow the attacker to execute arbitrary code in the context of an application. Failed exploit attempts will result in a denial-of-service condition. Impact Level: Application

Solution

Upgrade to Apple iTunes version 9.2.1 or later, For updates refer to http://www.apple.com/itunes/download/

Insight

The flaw is exists in the handling of 'itpc:' URL, when loaded by the user will trigger a buffer overflow and execute arbitrary code on the target system.

Affected

Apple iTunes version prior to 9.2.1

References

http://isc.sans.edu/diary.html?storyid=9202
http://securitytracker.com/alerts/2010/Jul/1024220.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1777
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader Buffer Overflow Vulnerability Sep09 (Win)
Adobe Reader 'mailListIsPdf' Buffer Overflow Vulnerability (Linux)
Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities

Apple iTunes 'itpc:' URI Buffer Overflow Vulnerability

Take action and discover your vulnerabilities