iTunes m3u Playlist Overflow
Added: 07/03/2012
CVE: CVE-2012-0677
BID: 53933
OSVDB: 82897
Background
iTunes is a free media player for multiple platforms.
Problem
iTunes does not properly validate parameters for #EXTINF: directives in m3u files. This results in an exploitable stack overflow.
Resolution
Upgrade to iTunes 10.6.3 or higher.
References
http://support.apple.com/kb/HT5318
http://zeroscience.mk/en/vulnerabilities/ZSL-2012-5093.php
Limitations
QuickTime must be installed on the target system. This exploit has been tested against iTunes 10.6.1.7 and QuickTime 7.7.2 running on Microsoft Windows XP SP3 English (DEP OptIn).
Platforms
Windows
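
Added example (not part of the original advisory and not Apple's code): a C function showing the kind of bounds-checked parsing of an "#EXTINF:<duration>,<title>" line that the Problem section says was missing. TITLE_MAX, struct extinf and parse_extinf are hypothetical names chosen here; the advisory does not state which parameter or buffer size is involved.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TITLE_MAX 256   /* assumed limit for this example, not an iTunes value */

struct extinf {
    long duration;          /* seconds; -1 means unknown length */
    char title[TITLE_MAX];  /* NUL-terminated on success */
};

/* Parse one "#EXTINF:<duration>,<title>" line into a fixed-size record.
 * Returns 0 on success, -1 if malformed, -2 if the title does not fit. */
int parse_extinf(const char *line, struct extinf *out)
{
    static const char tag[] = "#EXTINF:";
    const size_t taglen = sizeof(tag) - 1;
    char *end;
    size_t len;

    if (line == NULL || out == NULL || strncmp(line, tag, taglen) != 0)
        return -1;

    errno = 0;
    out->duration = strtol(line + taglen, &end, 10);
    if (end == line + taglen || errno == ERANGE || *end != ',')
        return -1;              /* no digits, out of range, or no comma */
    if (out->duration < -1)
        return -1;

    end++;                      /* skip the comma */
    len = strcspn(end, "\r\n"); /* title runs to the end of the line */
    if (len >= sizeof(out->title))
        return -2;              /* reject; never copy past the buffer */

    memcpy(out->title, end, len);
    out->title[len] = '\0';
    return 0;
}

int main(void)
{
    struct extinf e;            /* input below is a constructed sample */
    int rc = parse_extinf("#EXTINF:215,Constructed Artist - Track\n", &e);
    if (rc == 0)
        printf("%ld s: %s\n", e.duration, e.title);
    return rc != 0;
}
```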