fkie_nvd - fkie_cve-2012-0677

fkie_cve-2012-0677

Vulnerability from fkie_nvd

Published

2012-06-12 14:55

Modified

2025-04-11 00:51

Severity ?

Summary

Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html	Vendor Advisory
product-security@apple.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17016
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17016

Impacted products

Vendor	Product	Version
apple	itunes	*
apple	itunes	10.0
apple	itunes	10.0.1
apple	itunes	10.1
apple	itunes	10.1.1
apple	itunes	10.1.1.4
apple	itunes	10.1.2
apple	itunes	10.2
apple	itunes	10.2.2.12
apple	itunes	10.3
apple	itunes	10.3.1
apple	itunes	10.4
apple	itunes	10.4.0.80
apple	itunes	10.4.1
apple	itunes	10.4.1.10
apple	itunes	10.5
apple	itunes	10.5.1
apple	itunes	10.5.1.42
apple	itunes	10.5.2
apple	itunes	10.5.3
apple	itunes	10.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D97E9C-D4BC-4B1D-B745-EA2F691BF8DF",
              "versionEndIncluding": "10.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5817849-ADD0-4905-87D5-4D61DB635747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E90253-3F7D-4361-819B-5D49657F4472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "84336EBA-5EC0-4C49-B1B9-9DAB23D5C3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CDE68E5-744B-4E18-BB74-83D7185E6A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A599C14-8294-40D2-BCF2-183AF3D3AD84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2375C00-64ED-4027-810F-BA9E561385D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C720899-5ED4-4B7F-B90F-043DE7D91C44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.2.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A2EB90-E0C6-47B0-91BD-F77A721C163F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1CA3CEB-11D9-4B24-82A1-D7EE77C2E7B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF65883-4445-4436-98C5-35D9D2E1907B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0CCD602-FC35-4FD5-B976-4B585C5AA254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.4.0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "D82F9D18-690C-4F81-A940-C509C5AC8D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B09F07-11C7-4A0A-9367-3A12E9B21110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87884DFE-9254-4CF3-A002-16DB880AA0DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "78B3119A-8986-4F13-9156-F8C9D1D8BC06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA7E822-3EEC-4BF1-93A3-3E474BB4651A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.5.1.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AC29E4A-A3C2-4D8A-B7AF-823A31EEEFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6AACF2A-2CF0-4631-A979-B226D063275E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8020420-4C59-4536-9F73-AEC7999F766B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3822ACC2-5FEC-4F97-A5B2-8FE9D8EFC860",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en el iTunes de Apple antes de v10.6.3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un un lista de reproducci\u00f3n .m3u espec\u00edficamente modificada para este fin."
    }
  ],
  "id": "CVE-2012-0677",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-06-12T14:55:01.250",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17016"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-0677 (GCVE-0-2012-0677)

Vulnerability from cvelistv5

Published

2012-06-12 14:00