var-201206-0336
Vulnerability from variot
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. Apple iTunes is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. iTunes is a free application for your Mac or PC. It lets you organize and play digital music and video on your computer. It can automatically download new music, app, and book purchases across all your devices and computers. And it’s a store that has everything you need to be entertained. Anywhere. a specially crafted .M3U file. Successful exploitation could allow execution of arbitrary code on the affected node.
-------------------------------------------------------------------------------- (940.fc0): Access violation - code c0000005 (!!! second chance !!!)
eax=41414141 ebx=08508cd8 ecx=41414141 edx=052a6528 esi=052a64b0 edi=0559ef20
eip=41414141 esp=0012d8e8 ebp=7c90ff2d iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
41414141 ?? ???
~~~
(6b0.a04): Access violation - code c0000005 (!!! second chance !!!)
eax=41414141 ebx=00000000 ecx=00000014 edx=41414141 esi=41414141 edi=0187e10d
eip=0187deec esp=0b0cfcd0 ebp=0b0cfcf0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
Defaulted to export symbols for C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll -
CoreFoundation!CFWriteStreamCreateWithAllocatedBuffers+0x40:
0187deec 8b00 mov eax,dword ptr [eax] ds:0023:41414141=????????
--------------------------------------------------------------------------------
Tested on: Microsoft Windows XP Professional SP3 EN (32bit)Microsoft Windows 7 Ultimate SP1 EN (64bit). Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-06-11-1 iTunes 10.6.3
iTunes 10.6.3 is now available and addresses the following:
iTunes Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later Impact: Importing a maliciously crafted .m3u playlist may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of .m3u playlists. CVE-ID CVE-2012-0677 : Gjoko Krstic of Zero Science Lab
WebKit Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in WebKit. CVE-ID CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team
iTunes 10.6.3 may be obtained from: http://www.apple.com/itunes/download/
For Mac OS X: The download file is named: "iTunes10.6.3.dmg" Its SHA-1 digest is: e673e5cbd2955130efbc92a788fff178e66bd155
For Windows XP / Vista / Windows 7: The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: 2618f701f1d1a853e33138a57bec193bcd08438e
For 64-bit Windows XP / Vista / Windows 7: The download file is named: "iTunes64Setup.exe" Its SHA-1 digest is: 3806af762a066fde3d7e83f86a429ae40175561e
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJP1iVwAAoJEPefwLHPlZEwwCwQAK3GHSCBWGFlkIdf5A14STjH 418W8jBN7fYpZL04wnBxFC4n6r9213/TAIq+FBQAUpS1Q4442qWbJ7DUPCU34+aC 1nhRhL6vXCrfsIqZB7YdsGIrcSw3iAKpyszCyDfE6l4oqwQuGzeUsZ89ZTxvKMLw QYelU0izAJHcBKDJ+GiQCSZjoYgOha9dW1rDE50EIc274SoyZqHBV1hs2fSkslMq GWKgg3KGSt1QGf9dX9bE2Zgb6QYVXTr092/VuIvAP6GUn5ltMJ4Qu1+GUhzQXykj 6Av3gtrwoWHg7iG3X66+A3XQ6oIjKHTplA8LDC5a3g1bcECaJI/QDxfC4xIyIqhT HUJPy1FH6cFKTVGEF7h4HvcQKjpbt20UuCE4a9Om8PPw2P/iaBNnS+jV5AQ/RVwL nfhxNQkNg0rYmFfUFjNWajjK+YWgjTN/Ny3Ba4hTl66PV5OSHtkQtIJtDTJcAxP0 7hX/CaEU9TnJl5HKmlhNv1PvqMmM951N39ODbf+zG23yVw+2hmE1SWDcJxAAv1LD sCMFh5vesPb/7Bvbc1Qi23lX27gjYA3bzPnwREdEQ+9nyiKbwFAvIZ5KwszIdmlR qIlGpIvpQOJYEC3aVq7tDlABkwF7pBaAGOQqYpP8O+iM7kJNDGCVaGWEL2OuVHjY bGLlmB3ueonyCP+g94nH =IxYx -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Apple iTunes Two Vulnerabilities
SECUNIA ADVISORY ID: SA49489
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49489/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49489
RELEASE DATE: 2012-06-12
DISCUSS ADVISORY: http://secunia.com/advisories/49489/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49489/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49489
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Apple has reported two vulnerabilities in Apple iTunes, which can be exploited by malicious people to compromise a user's system.
2) A vulnerability is caused due to a bundled vulnerable version of WebKit.
For more information see vulnerability #3 in: SA48454
NOTE: This vulnerability does not affect the application on OS X Lion systems.
SOLUTION: Update to version 10.6.3.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Gjoko Krstic, Zero Science Lab. 2) Adam Barth and Abhishek Arya, Google Chrome Security Team.
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5318
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "10.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "10.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.5.1.42"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.0.80"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.2.12"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.1.4"
},
{
"model": "itunes",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4.1.10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.1,
"vendor": "apple",
"version": "10.6.1.7 and 10.6.0.40"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2012-5093"
},
{
"db": "BID",
"id": "53933"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002670"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-154"
},
{
"db": "NVD",
"id": "CVE-2012-0677"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002670"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gjoko Krstic of Zero Science Lab",
"sources": [
{
"db": "BID",
"id": "53933"
}
],
"trust": 0.3
},
"cve": "CVE-2012-0677",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-0677",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-53958",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-0677",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-0677",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-154",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "ZSL",
"id": "ZSL-2012-5093",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "VULHUB",
"id": "VHN-53958",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2012-5093"
},
{
"db": "VULHUB",
"id": "VHN-53958"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002670"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-154"
},
{
"db": "NVD",
"id": "CVE-2012-0677"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. Apple iTunes is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. \nAttackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. iTunes is a free application for your Mac or PC. It lets you organize and play digital music and video on your computer. It can automatically download new music, app, and book purchases across all your devices and computers. And it\u2019s a store that has everything you need to be entertained. Anywhere. a specially crafted .M3U file. Successful exploitation could allow execution of arbitrary code on the affected node.\u003cbr/\u003e\u003cbr/\u003e\t--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003e\u003ccode\u003e (940.fc0): Access violation - code c0000005 (!!! second chance !!!)\u003cbr/\u003e eax=41414141 ebx=08508cd8 ecx=41414141 edx=052a6528 esi=052a64b0 edi=0559ef20\u003cbr/\u003e eip=41414141 esp=0012d8e8 ebp=7c90ff2d iopl=0 nv up ei pl nz na pe nc\u003cbr/\u003e cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206\u003cbr/\u003e\u003cunloaded_card.dll\u003e+0x41414130:\u003cbr/\u003e 41414141 ?? ???\u003cbr/\u003e\u003cbr/\u003e ~~~\u003cbr/\u003e\u003cbr/\u003e (6b0.a04): Access violation - code c0000005 (!!! second chance !!!)\u003cbr/\u003e eax=41414141 ebx=00000000 ecx=00000014 edx=41414141 esi=41414141 edi=0187e10d\u003cbr/\u003e eip=0187deec esp=0b0cfcd0 ebp=0b0cfcf0 iopl=0 nv up ei pl nz na pe nc\u003cbr/\u003e cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206\u003cbr/\u003e Defaulted to export symbols for C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\CoreFoundation.dll -\u003cbr/\u003e CoreFoundation!CFWriteStreamCreateWithAllocatedBuffers+0x40:\u003cbr/\u003e 0187deec 8b00 mov eax,dword ptr [eax] ds:0023:41414141=????????\u003cbr/\u003e\u003c/unloaded_card.dll\u003e\u003c/code\u003e\u003cbr/\u003e\t--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003eTested on: Microsoft Windows XP Professional SP3 EN (32bit)Microsoft Windows 7 Ultimate SP1 EN (64bit). Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-06-11-1 iTunes 10.6.3\n\niTunes 10.6.3 is now available and addresses the following:\n\niTunes\nAvailable for: Mac OS X v10.5 or later, Windows 7, Vista,\nXP SP2 or later\nImpact: Importing a maliciously crafted .m3u playlist may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of .m3u\nplaylists. \nCVE-ID\nCVE-2012-0677 : Gjoko Krstic of Zero Science Lab\n\nWebKit\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in WebKit. \nCVE-ID\nCVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome\nSecurity Team\n\n\niTunes 10.6.3 may be obtained from:\nhttp://www.apple.com/itunes/download/\n\nFor Mac OS X:\nThe download file is named: \"iTunes10.6.3.dmg\"\nIts SHA-1 digest is: e673e5cbd2955130efbc92a788fff178e66bd155\n\nFor Windows XP / Vista / Windows 7:\nThe download file is named: \"iTunesSetup.exe\"\nIts SHA-1 digest is: 2618f701f1d1a853e33138a57bec193bcd08438e\n\nFor 64-bit Windows XP / Vista / Windows 7:\nThe download file is named: \"iTunes64Setup.exe\"\nIts SHA-1 digest is: 3806af762a066fde3d7e83f86a429ae40175561e\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.18 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJP1iVwAAoJEPefwLHPlZEwwCwQAK3GHSCBWGFlkIdf5A14STjH\n418W8jBN7fYpZL04wnBxFC4n6r9213/TAIq+FBQAUpS1Q4442qWbJ7DUPCU34+aC\n1nhRhL6vXCrfsIqZB7YdsGIrcSw3iAKpyszCyDfE6l4oqwQuGzeUsZ89ZTxvKMLw\nQYelU0izAJHcBKDJ+GiQCSZjoYgOha9dW1rDE50EIc274SoyZqHBV1hs2fSkslMq\nGWKgg3KGSt1QGf9dX9bE2Zgb6QYVXTr092/VuIvAP6GUn5ltMJ4Qu1+GUhzQXykj\n6Av3gtrwoWHg7iG3X66+A3XQ6oIjKHTplA8LDC5a3g1bcECaJI/QDxfC4xIyIqhT\nHUJPy1FH6cFKTVGEF7h4HvcQKjpbt20UuCE4a9Om8PPw2P/iaBNnS+jV5AQ/RVwL\nnfhxNQkNg0rYmFfUFjNWajjK+YWgjTN/Ny3Ba4hTl66PV5OSHtkQtIJtDTJcAxP0\n7hX/CaEU9TnJl5HKmlhNv1PvqMmM951N39ODbf+zG23yVw+2hmE1SWDcJxAAv1LD\nsCMFh5vesPb/7Bvbc1Qi23lX27gjYA3bzPnwREdEQ+9nyiKbwFAvIZ5KwszIdmlR\nqIlGpIvpQOJYEC3aVq7tDlABkwF7pBaAGOQqYpP8O+iM7kJNDGCVaGWEL2OuVHjY\nbGLlmB3ueonyCP+g94nH\n=IxYx\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iTunes Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49489\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49489/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49489\n\nRELEASE DATE:\n2012-06-12\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49489/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49489/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49489\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nApple has reported two vulnerabilities in Apple iTunes, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\n2) A vulnerability is caused due to a bundled vulnerable version of\nWebKit. \n\nFor more information see vulnerability #3 in:\nSA48454\n\nNOTE: This vulnerability does not affect the application on OS X Lion\nsystems. \n\nSOLUTION:\nUpdate to version 10.6.3. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Gjoko Krstic, Zero Science Lab. \n2) Adam Barth and Abhishek Arya, Google Chrome Security Team. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT5318\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0677"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002670"
},
{
"db": "BID",
"id": "53933"
},
{
"db": "ZSL",
"id": "ZSL-2012-5093"
},
{
"db": "VULHUB",
"id": "VHN-53958"
},
{
"db": "PACKETSTORM",
"id": "113566"
},
{
"db": "PACKETSTORM",
"id": "113591"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/itunes_bof.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-53958",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2012-5093"
},
{
"db": "VULHUB",
"id": "VHN-53958"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-0677",
"trust": 2.9
},
{
"db": "SECUNIA",
"id": "49489",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002670",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19773",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201206-154",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2012-06-11-1",
"trust": 0.6
},
{
"db": "BID",
"id": "53933",
"trust": 0.5
},
{
"db": "PACKETSTORM",
"id": "113566",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "113555",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "19098",
"trust": 0.2
},
{
"db": "OSVDB",
"id": "82897",
"trust": 0.1
},
{
"db": "VULDB",
"id": "5552",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2012060148",
"trust": 0.1
},
{
"db": "SECTRACK",
"id": "1027142",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2012-5093",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-73064",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-73321",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "19387",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-53958",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113591",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2012-5093"
},
{
"db": "VULHUB",
"id": "VHN-53958"
},
{
"db": "BID",
"id": "53933"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002670"
},
{
"db": "PACKETSTORM",
"id": "113566"
},
{
"db": "PACKETSTORM",
"id": "113591"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-154"
},
{
"db": "NVD",
"id": "CVE-2012-0677"
}
]
},
"id": "VAR-201206-0336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-53958"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:06:54.500000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT5318",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5318"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002670"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53958"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002670"
},
{
"db": "NVD",
"id": "CVE-2012-0677"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2012/jun/msg00000.html"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17016"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0677"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu626251"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0677"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/49489"
},
{
"trust": 0.7,
"url": "http://www.nsfocus.net/vulndb/19773"
},
{
"trust": 0.2,
"url": "http://support.apple.com/kb/ht5318"
},
{
"trust": 0.2,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "http://www.apple.com/itunes/download"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0677"
},
{
"trust": 0.1,
"url": "https://isc.sans.edu/diary/apple+itunes+security+update/13435"
},
{
"trust": 0.1,
"url": "http://cxsecurity.com/issue/wlb-2012060148"
},
{
"trust": 0.1,
"url": "http://www.exploit-db.com/exploits/19098/"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.org/files/113555"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.org/files/113566"
},
{
"trust": 0.1,
"url": "http://www.securelist.com/en/advisories/49489"
},
{
"trust": 0.1,
"url": "http://www.securitytracker.com/id/1027142"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/82897"
},
{
"trust": 0.1,
"url": "http://www.scmagazine.com.au/news/304973,booby-trapped-playlist-pwns-itunes.aspx"
},
{
"trust": 0.1,
"url": "http://www.crn.com.au/news/304998,booby-trapped-playlist-hits-itunes.aspx"
},
{
"trust": 0.1,
"url": "http://lists.virus.org/apple-security-1206/msg00000.html"
},
{
"trust": 0.1,
"url": "http://www.camcert.gov.kh/?p=1201"
},
{
"trust": 0.1,
"url": "http://securityvulns.com/docs28127.html"
},
{
"trust": 0.1,
"url": "http://www.net-security.org/advisory.php?id=14441"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0051.html"
},
{
"trust": 0.1,
"url": "https://www.cert.be/pro/node/12532"
},
{
"trust": 0.1,
"url": "http://sylvar.tumblr.com/post/25087980360/apple-itunes-10-6-1-7-m3u-playlist-file-walking"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/53933"
},
{
"trust": 0.1,
"url": "http://www.nessus.org/plugins/index.php?view=single\u0026amp;id=59497"
},
{
"trust": 0.1,
"url": "http://www.nessus.org/plugins/index.php?view=single\u0026amp;id=59498"
},
{
"trust": 0.1,
"url": "http://www.nessus.org/plugins/index.php?view=single\u0026amp;id=59499"
},
{
"trust": 0.1,
"url": "http://www.scmagazine.com/itunes-vulnerability-may-enable-remote-code-execution/article/246207/"
},
{
"trust": 0.1,
"url": "http://www.informationweek.com/aroundtheweb/security/itunes-vulnerability-may-enable-remote-c/704d55486d51544d524931735147714b49364f5558773d3d"
},
{
"trust": 0.1,
"url": "http://www.msnbc.msn.com/id/47876553/ns/technology_and_science-security/"
},
{
"trust": 0.1,
"url": "http://www.libertas.mk/vest/28065/makedonski-it-ekspert-otkri-opasen-bezbednosen-defekt-vo-itjuns"
},
{
"trust": 0.1,
"url": "http://www.scip.ch/en/?vuldb.5552"
},
{
"trust": 0.1,
"url": "http://www.infosecurity-magazine.com/view/26492/researcher-publishes-proofofconcept-exploit-for-itunes/"
},
{
"trust": 0.1,
"url": "http://www.intego.com/mac-security-blog/time-to-update-itunes/"
},
{
"trust": 0.1,
"url": "http://tif.mcafee.com/threats/3500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0672"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0677"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49489/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49489"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49489/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2012-5093"
},
{
"db": "VULHUB",
"id": "VHN-53958"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002670"
},
{
"db": "PACKETSTORM",
"id": "113566"
},
{
"db": "PACKETSTORM",
"id": "113591"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-154"
},
{
"db": "NVD",
"id": "CVE-2012-0677"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2012-5093"
},
{
"db": "VULHUB",
"id": "VHN-53958"
},
{
"db": "BID",
"id": "53933"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002670"
},
{
"db": "PACKETSTORM",
"id": "113566"
},
{
"db": "PACKETSTORM",
"id": "113591"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-154"
},
{
"db": "NVD",
"id": "CVE-2012-0677"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-12T00:00:00",
"db": "ZSL",
"id": "ZSL-2012-5093"
},
{
"date": "2012-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-53958"
},
{
"date": "2012-06-11T00:00:00",
"db": "BID",
"id": "53933"
},
{
"date": "2012-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002670"
},
{
"date": "2012-06-12T22:20:34",
"db": "PACKETSTORM",
"id": "113566"
},
{
"date": "2012-06-13T02:54:15",
"db": "PACKETSTORM",
"id": "113591"
},
{
"date": "2012-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-154"
},
{
"date": "2012-06-12T14:55:01.250000",
"db": "NVD",
"id": "CVE-2012-0677"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-01T00:00:00",
"db": "ZSL",
"id": "ZSL-2012-5093"
},
{
"date": "2017-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-53958"
},
{
"date": "2012-06-17T00:01:00",
"db": "BID",
"id": "53933"
},
{
"date": "2012-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002670"
},
{
"date": "2012-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-154"
},
{
"date": "2024-11-21T01:35:31.127000",
"db": "NVD",
"id": "CVE-2012-0677"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-154"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iTunes Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002670"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-154"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.