ID CVE-2005-0043
Summary Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.
References
Vulnerable Configurations
  • Apple iTunes 4.7
    cpe:2.3:a:apple:itunes:4.7
CVSS
Base: 7.5 (as of 13-05-2005 - 15:19)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description Apple iTunes Playlist Local Parsing Buffer Overflow Exploit. CVE-2005-0043. Remote exploit for osx platform
    id EDB-ID:758
    last seen 2016-01-31
    modified 2005-01-16
    published 2005-01-16
    reporter nemo
    source https://www.exploit-db.com/download/758/
    title Apple iTunes Playlist Local Parsing Buffer Overflow Exploit
  • description Apple ITunes 4.7 Playlist Buffer Overflow. CVE-2005-0043. Local exploit for windows platform
    id EDB-ID:16562
    last seen 2016-02-02
    modified 2010-05-09
    published 2010-05-09
    reporter metasploit
    source https://www.exploit-db.com/download/16562/
    title Apple ITunes 4.7 Playlist Buffer Overflow
metasploit via4
description This module exploits a stack buffer overflow in Apple ITunes 4.7 build 4.7.0.42. By creating a URL link to a malicious PLS file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an extension of '.pls'.
id MSF:EXPLOIT/WINDOWS/BROWSER/APPLE_ITUNES_PLAYLIST
last seen 2019-03-22
modified 2017-07-24
published 2007-02-03
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/apple_itunes_playlist.rb
title Apple ITunes 4.7 Playlist Buffer Overflow
nessus via4
NASL family MacOS X Local Security Checks
NASL id MACOSX_ITUNES_OVERFLOW.NASL
description The remote host is running a version of iTunes which is older than version 4.7.1. The remote version of this software is vulnerable to a buffer overflow when it parses a malformed playlist file (.m3u or .pls files). A remote attacker could exploit this by tricking a user into opening a maliciously crafted file, resulting in arbitrary code execution.
last seen 2019-02-21
modified 2018-07-14
plugin id 16151
published 2005-01-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=16151
title iTunes < 4.7.1
packetstorm via4
data source https://packetstormsecurity.com/files/download/83127/apple_itunes_playlist.rb.txt
id PACKETSTORM:83127
last seen 2016-12-05
published 2009-11-26
reporter MC
source https://packetstormsecurity.com/files/83127/Apple-ITunes-4.7-Playlist-Buffer-Overflow.html
title Apple ITunes 4.7 Playlist Buffer Overflow
refmap via4
apple APPLE-SA-2005-01-11
bid 12238
cert-vn VU#377368
idefense 20050113 Apple iTunes Playlist Parsing Buffer Overflow Vulnerability
osvdb 12833
sectrack 1012839
secunia 13804
xf itunes-m3u-pls-bo(18851)
Last major update 05-09-2008 - 16:45
Published 02-05-2005 - 00:00
Last modified 10-07-2017 - 21:32
Back to Top