Apple iTunes itms: URL buffer overflow

Added: 07/06/2009
CVE: CVE-2009-0950
BID: 35157
OSVDB: 54833

Background

iTunes is a free media player for multiple platforms.

Problem

A buffer overflow vulnerability allows command execution when a user opens a specially crafted itms:// URL.

Resolution

Upgrade to iTunes 8.2 or higher.

References

http://support.apple.com/kb/HT3592

Limitations

Exploit works on iTunes 8.1.1 and requires a user to open the exploit URL in iTunes.

Platforms

Windows XP

Back to exploit index