iTunes .PLS Title buffer overflow

Added: 05/11/2015

Background

iTunes is a free media player for multiple platforms.

Problem

A buffer overflow vulnerability in iTunes allows command execution when a .PLS file containing a specially crafted Title parameter is opened.

Resolution

Do not open untrusted .PLS files.

References

https://www.exploit-db.com/exploits/36837/

Limitations

Exploit works on iTunes 10.6.1.7 on Windows XP SP3 and requires a user to open the exploit file in iTunes.

Platforms

Windows XP

Back to exploit index