Overview
A buffer overflow vulnerability in iTunes could allow a remote attacker to execute arbitrary code.
Description
Apple iTunes is a digital media player available for the Microsoft Windows and Mac OS X operating systems. It supports a variety of playlist formats including .m3u and .pls. A playlist allows a user to organize the order in which media files are played. In addition to media files, URLs to digital streams can be included in a playlist. There is a buffer overflow vulnerability in the way iTunes parses URL entries in .m3u and .pls playlist files. If a remote attacker creates a specially crafted playlist containing an overly long URL, a buffer overflow will occur and could lead to arbitrary code execution.
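The following Python script is an added example, not part of the original advisory and not Apple code. It shows how a mail or download gateway could flag .m3u and .pls files whose URL entries exceed a length limit before they reach a player. The 1024-character limit, the function names and the sample playlists are assumptions, since the advisory does not state the size of the affected buffer.

```python
import re

# Assumed triage threshold: the advisory only says "overly long", so this
# limit is a constructed value, not the size of any buffer in iTunes.
MAX_URL_LEN = 1024

PLS_ENTRY = re.compile(r"^File\d+=(.*)$", re.IGNORECASE)
URL_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def playlist_entries(text):
    """Yield (line_number, entry) for media entries in .m3u or .pls text."""
    is_pls = text.lstrip().lower().startswith("[playlist]")
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if is_pls:
            match = PLS_ENTRY.match(line)
            if match:
                yield number, match.group(1).strip()
        elif not line.startswith("#"):  # '#' lines are M3U comments/directives
            yield number, line


def oversized_urls(text, limit=MAX_URL_LEN):
    """Return [(line_number, length)] for URL entries longer than limit."""
    return [
        (number, len(entry))
        for number, entry in playlist_entries(text)
        if URL_SCHEME.match(entry) and len(entry) > limit
    ]


# Constructed sample playlists (not taken from any real file).
SAMPLE_M3U = ("#EXTM3U\n#EXTINF:-1,Stream\nhttp://radio.example/live\n"
              "http://" + "A" * 4000 + "\n")
SAMPLE_PLS = ("[playlist]\nNumberOfEntries=2\nFile1=http://radio.example/live\n"
              "File2=http://" + "B" * 4000 + "\nTitle2=x\n")

if __name__ == "__main__":
    for name, sample in (("sample.m3u", SAMPLE_M3U), ("sample.pls", SAMPLE_PLS)):
        for number, length in oversized_urls(sample):
            print(f"{name}: line {number}: URL entry of {length} characters "
                  f"exceeds {MAX_URL_LEN}")
```

A length check of this kind only supports triage of incoming files; it does not replace installing the vendor update.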
Impact
By convincing a user to load a specially crafted .m3u or .pls playlist file into iTunes, an attacker could execute arbitrary code with the privileges of the user.
Solution
Install Update
Acknowledgements
iDEFENSE credits Sean de Regge for reporting this vulnerability.
This document was written by Damon Morda.
Other Information
| CVE IDs: | CVE-2005-0043 |
| Severity Metric: | 30.38 |
| Date Public: | 2005-01-11 |
| Date First Published: | 2005-01-14 |
| Date Last Updated: | 2005-01-14 18:26 UTC |
| Document Revision: | 12 |